A Lesson in Online Surfing Security

by Jon Haarstad on June 29, 2006

Before you roll your eyes on a matter of internet security, please bear with me for just a few short but hopefully insightful moments as I discuss a real-life experience with a spoofing hack I experienced tonight while browsing a buddy’s Myspace page.

Here’s the scenario. I went to Tyler Gould’s Myspace and just about 5 seconds into looking at it, it appears that Myspace had kicked me out and I’m redirected to a login page (see image). The page looked legit. Same annoying ads…same login pane. No big deal, right? Just log in and continue surfing. BUT…here’s the kicker. Something just didn’t seem right. All I had to do was hit the back button and I was back to my Myspace home page and logged in just fine.

The next time it happened, I looked up at the website address window (that window where you type in your destination address…in this case “www.myspace.com”). To my surprise, the page did not reference what I expected (www.myspace.com) but instead started with some random characters. When I stripped down the address to its simplest form, I ended up visiting a one-page site with a goofy face and a header that said some wise-guy was watching you poop. Hackers. Grrr. It might be funny if it wasn’t so malicious.

Now, I know the common reaction to this kind of occurrence is to simply log in. BIG NO-NO. In this case, where someone had copied the Myspace login page (essentially “spoofed” or “copied” a legit page), all your login effort would have done is supply whoever this is with your username and password. Uh-oh. I wonder how many username/passwords he/she was able to farm before Myspace fixed the problem (by the way, they did fix this soon after I posted a bulletin).

The lesson? When surfing, be wise. Everyone can surf safely if they just follow some simple rules. 1) When accessing sites that you must log in for, take a glance at the address to make sure it’s the right page (it’s good practice to bookmark pages so you always know you’re going to the right site). 2) Use different passwords for different sites. I know many people have one or two passwords they use for everything, and with the burgeoning amount of things we all log in to on a regular basis, these sensitive “keys” are getting easier to acquire. A compromise is to have one or two log-in names/passwords that you use for non-sensitive things like news sites or hobby interests and then to have unique username/passwords for all sensitive sites like your online banking and credit card portals.
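The address check from rule 1, written out as code. This is an added example, not part of the original post; the trusted host list and every sample address are constructed for illustration.

```javascript
// Added example; the trusted list and all sample URLs are constructed.
const TRUSTED_HOSTS = ["myspace.com"]; // assumption: the site's real domain

// Returns { ok, host, reason } for the address shown in the browser.
function checkLoginUrl(address, trusted = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(address);
  } catch (err) {
    return { ok: false, host: null, reason: "not a valid URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, host: url.hostname, reason: "unexpected scheme" };
  }
  // Normalise: lower-case and drop a trailing root dot.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Anything before "@" is a username sent to the host, not the site name.
  if (url.username || url.password) {
    return { ok: false, host, reason: "text before @ is not the site" };
  }
  // Exact match or a true subdomain. The leading dot matters: a longer name
  // that merely ends in the same letters must not pass.
  const match = trusted.some((t) => host === t || host.endsWith("." + t));
  return match
    ? { ok: true, host, reason: "host matches expected site" }
    : { ok: false, host, reason: "host is not the expected site" };
}

// Constructed addresses: one genuine, three that only look familiar.
const SAMPLES = [
  "http://www.myspace.com/login",
  "http://www.myspace.com.login.example/index.html",
  "http://www.myspace.com@phish.example/login",
  "http://phish.example/www.myspace.com/login",
];

for (const address of SAMPLES) {
  const { ok, host, reason } = checkLoginUrl(address);
  console.log(`${ok ? "OK  " : "STOP"} ${host} (${reason})  <- ${address}`);
}
```

In every STOP case the familiar name appears somewhere in the address, but not as the host the browser actually connects to.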

Remember, there are people all over the world that are looking for any means possible to get at your personal information. Knowing this does not mean you should curb your online use but it does require us all to navigate using some basic rules.

If you have any questions, let me know. Surf safe.


1 comment

Victoria August 7, 2006 at 1:21 pm

Amen! Did you put this in a bulletin? If not that might be a good idea! :0)
