Social Media Blog

Sharing Information & Knowledge


26,000 sex website passwords exposed by LulzSec


The notorious LulzSec hacking group has published login passwords for almost 26,000 users of an x-rated porn website.

The hackers compromised the database of the hardcore website (called “Pron“), exposing not only the email addresses and passwords of over 25,000 members but also the credentials of 55 administrators of other adult websites.

Furthermore, LulzSec drew particular attention to various government and military email addresses (.mil and .gov) that appeared to have accounts with the porn website.

That must be an embarrassing one to explain to the boss.

To add insult to injury, the LulzSec group called on its many recent Twitter followers to exploit the situation by logging into Facebook with the email/password combinations and telling the victim’s Facebook friends and family about their porn habit.


It should go without saying that logging into someone else’s account without their permission is against the law in most countries around the world.

Fortunately, it’s reported that Facebook’s security team responded quickly to the threat – and reset the passwords for all of the accounts it had which matched the email addresses exposed. Of course, it’s still possible that those email address/password combinations are being used on other websites.

If anything should be a reminder to internet users of the importance of using different passwords for different websites, this should be it.

The danger is that once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain or, in this case, potential embarrassment.

If you believe there might be a chance that your username/password were exposed, or if you’re simply in the habit of using the same password for multiple websites – now is the time to change your habits.
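The response attributed to Facebook above (resetting every account whose email address appears in the published list) can be sketched from the defending site's side. This is an added example, not code from Sophos or Facebook; the `email:password` dump format, the PBKDF2 password store and all account data are assumptions constructed for illustration. It goes one step beyond the article by also flagging accounts where the leaked password is the one actually in use, since those may already have been accessed.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor of our own password store


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def triage_leak(leak_lines, accounts):
    """Map each of our accounts named in the dump to a response action.

    leak_lines: 'email:password' strings from the published dump (assumed format).
    accounts:   {email: (salt, stored_hash)} taken from our own user table.
    """
    actions = {}
    for line in leak_lines:
        email, sep, password = line.rstrip("\n").partition(":")
        if not sep:
            continue  # not a credential pair, skip it
        email = email.strip().lower()  # addresses are matched case-insensitively
        record = accounts.get(email)
        if record is None:
            continue  # exposed address has no account with us
        salt, stored = record
        # Constant-time compare: was the exposed password reused on our site?
        if hmac.compare_digest(hash_password(password, salt), stored):
            actions[email] = "reset+revoke_sessions"
        else:
            actions.setdefault(email, "reset")
    return actions


def demo():
    """Run the triage over constructed accounts and a constructed dump."""
    def stored(password):
        salt = os.urandom(16)
        return salt, hash_password(password, salt)

    accounts = {
        "alice@example.com": stored("hunter2"),
        "bob@example.com": stored("a long unique passphrase"),
        "carol@example.com": stored("something else"),
    }
    leak = [
        "Alice@Example.com:hunter2",   # same password reused with us
        "bob@example.com:letmein",     # address matches, password differs
        "dave@example.org:qwerty",     # not one of our users
        "not-a-credential-line",
    ]
    return triage_leak(leak, accounts)
```
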

Source :- http://nakedsecurity.sophos.com


How to stop your Gmail account being hacked


Original Post from Sophos. Author – Graham Cluley

As has been widely reported, high profile users of Gmail – including US government officials, reporters and political activists – have had their email accounts hacked.

This wasn’t a sophisticated attack against Google’s systems, but rather a cleverly-crafted HTML email which pointed to a Gmail phishing page.

Victims would believe that they had been sent an attachment, click on the link, and be greeted by what appeared to be Gmail’s login screen. Before you knew it, your Gmail username and password could be in the hands of unauthorised parties.

So, what steps should you take to reduce the chances of your Gmail account being hacked?

  1. Set up Two step verification
  2. Check if your Gmail messages are being forwarded without your permission
  3. Where is your Gmail account being accessed from?
  4. Choose a unique, hard-to-crack password
  5. Secure your computer
  6. Why are you using Gmail anyway?

1. Set up Two step verification

The hackers who broke into high profile Gmail accounts grabbed usernames and passwords. So, an obvious thing to do would be to make Gmail require an extra piece of information before allowing anybody to access your account.

Google provides a facility called “two step verification” to Gmail users, which provides that extra layer of security. It requires you to be able to access your mobile phone when you sign into your email account – as they will be sending you a magic “verification” number via SMS.

The advantage of this approach – which is similar to that done by many online banks – is that even if cybercriminals manage to steal your username and password, they won’t know what your magic number is because they don’t have your phone.

Google has made two step verification easy to set up.

Setting up 2 step verification

Once you’re set up, the next time you try to log into Gmail you’ll be asked for your magic number after entering your username and password. Your mobile phone should receive an SMS text message from Google containing your verification number.

Mobile phone receives verification number

Let’s just hope the bad guys don’t have access to your mobile phone too.

Here’s a video from Google where they explain two step verification in greater detail:

You can also learn more about two step verification on Google’s website.

By the way, note that two step verification doesn’t mean that your Gmail can’t ever be snooped on by remote hackers. They could, for instance, install spyware onto your computer which could monitor everything that appears on your screen. But it’s certainly a good additional level of security for your Gmail account, and one which will make life much more difficult for any cybercriminal who might be targeting you.

2. Check if your Gmail messages are being forwarded without your permission

Gmail gives you the ability to forward your emails to another email address. There are situations where this might be handy, of course, but it can also be used by hackers to secretly read the messages you receive.

Go into your Gmail account settings, and select the “Forwarding and POP/IMAP” tab.

If your emails are being forwarded to another address, then you will see something like the following:

Gmail forwarding

That’s fine if you authorised your emails to be forwarded to that email address, but a bad thing if you didn’t.

If your messages are not being forwarded you will see a screen more like this:

Gmail forwarding

Hackers want to break into your account not just to see what email you’ve received up until their break-in. Ideally, they would like to have ongoing access to your email, even if you change your password or enable two step verification. That’s why it’s so important to check that no-one has sneakily asked for all of your email to be forwarded to them.

3. Where is your Gmail account being accessed from?

At the bottom of each webpage on Gmail, you’ll see some small print which describes your last account activity. This is available to help you spot whether someone has been accessing your account at unusual times of day (for instance, when you haven’t been using your computer) or from a different location.

Last account activity

Clicking on the “Details” option will take you to a webpage describing the type of access and the IP address of the computer which logged into your email account. Although some of this data may appear nerdy, it can be a helpful heads-up – especially if you spot that a computer from another country has been accessing your email.

IP addresses of computers accessing Gmail account
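The same review of access type, IP address and time of day can be done mechanically. This is an added example, not part of the original post and not a Gmail API: the activity rows, the "known" network, the expected access types and the usual hours are all constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed rows in the spirit of the "Details" page:
# (access type, IP address, time in UTC).
ACTIVITY = [
    ("Browser", "198.51.100.23", "2011-06-02T08:15:00"),
    ("IMAP", "198.51.100.40", "2011-06-02T12:30:00"),
    ("Browser", "203.0.113.77", "2011-06-03T03:05:00"),
    ("POP3", "198.51.100.23", "2011-06-03T03:40:00"),
]
KNOWN_NETWORKS = [ip_network("198.51.100.0/24")]  # assumed home/office range
EXPECTED_TYPES = {"Browser", "IMAP"}              # how this user normally reads mail
ACTIVE_HOURS = range(7, 23)                       # assumed usual hours, UTC


def review(activity, known_networks, expected_types, active_hours):
    """Return the rows worth a second look, each with the reasons why."""
    findings = []
    for access_type, ip, when in activity:
        reasons = []
        addr = ip_address(ip)
        if not any(addr in net for net in known_networks):
            reasons.append("unfamiliar network")
        if access_type not in expected_types:
            reasons.append("unexpected access type")
        if datetime.fromisoformat(when).hour not in active_hours:
            reasons.append("outside usual hours")
        if reasons:
            findings.append((when, ip, access_type, reasons))
    return findings


def demo():
    return review(ACTIVITY, KNOWN_NETWORKS, EXPECTED_TYPES, ACTIVE_HOURS)
```

An unexpected POP3 or IMAP entry deserves the same attention as an unfamiliar IP address, because a mail client set up by someone else keeps pulling messages without ever showing the login page.
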

4. Choose a unique, hard-to-crack password

As we’ve explained before, you should never use the same username and password on multiple websites. It’s like having a skeleton key which opens every door – if they grab your password in one place they can try it in many other places.

Also, you should ensure that your password is not a dictionary word, and is sufficiently complex that it’s hard to break with a dictionary attack.

Here’s a video which explains how to choose a strong password, which is easy to remember but still hard to crack:


Don’t delay, be sensible and make your passwords more secure today

And once you’ve chosen a safer password – keep it safe! That means, don’t share it with anyone else and be very careful that you’re typing it into the real Gmail login screen, not a phishing site.

5. Secure your computer

It should go without saying, but this list would be unfinished without it. You need to properly secure your computer with up-to-date anti-virus software, security patches and so forth. If you don’t, you’re risking hackers planting malicious code on your computer which could spy upon you and, of course, your email.

You always want to be certain that your computer is in a decent state of health before you log into a sensitive online account, such as your email or bank account. That’s one of the reasons why I would always be very nervous about using a computer in a cybercafe or hotel lobby. You simply don’t know what state the computer is in, and who might have been using it before.

6. Why are you using Gmail anyway?

Okay, I don’t really mean that. But I do mean, why are you storing sensitive information in your Gmail account?

The news headlines claim that senior US political and military officials were being targeted by the hackers. Surely if they had confidential or sensitive data they shouldn’t have that in their webmail account? Shouldn’t that be on secure government and military systems instead?

Always think about the data you might be putting on your web email account – because if it’s only protected by a username and password that may actually be less security than your regular work email system provides.


Twitter Will Now Send You An Email If A Follower Retweets Or Favorites Your Tweets

Twitter just sent out a Tweet notifying users that starting today, the startup is “rolling out an email notification that lets you know if someone you follow retweets or favorites one of your Tweets.”

Users currently receive email notifications when they receive new followers and when they are sent direct messages. Emails notifying you of retweets and favorites, while convenient, seem like they could cause an email overload for some power users.

Of course, it is an interesting feature considering that Twitter is looking to make its platform more powerful for users, as it faces competition from other clients. What do you think—will retweet notifications be useful or will you find it to be spammy?

Source :- http://techcrunch.com/


Gmail Chat & AIM Are Now Interoperable


AOL and Google have taken their instant messaging partnership to a whole new level with complete interoperability between AIM, Gmail and Google Talk.

Gmail users have been able to access their AIM account through Google Talk since 2007, but AIM accounts couldn’t message Google Talk accounts and vice versa. The juggling of two different IM accounts has limited the usefulness of AIM within Gmail. Google announced in a blog post, though, that the two companies have made some interoperability changes to their chat clients.

The first big change is that AIM users can now send messages to their Google contacts and vice versa. This works no matter what client a person is using, so they can IM a friend that uses AIM via Google Talk, Gmail, iGoogle, Orkut or any other Gtalk client. Gmail users will now see a prompt asking them to add their AIM buddies directly to Gtalk. Users will have to add @aol.com to the end of the AIM contact they are trying to add to make it work (e.g. screenname@aol.com).

Because users can add AIM contacts directly through Gmail, Google has removed the ability to sign in via AIM. This would normally be a problem for Google users that have hundreds of AIM contacts in their Gmail chat client, but AOL has created a tool to help them quickly add their AIM buddies to Gmail.

The changes may not affect users immediately, but they are big changes. AOL and Google have tens of millions of instant messaging users each. Combining their user bases makes both chat platforms far more useful, which could help them fend off their competition. They need to worry about Facebook, whose FbChat service has grown in popularity, and Skype, which has more than 500 million users and is now owned by Microsoft.

Source :- http://mashable.com
