Sunday, February 28, 2010

Phishing attack on bloggers

Last week I received an email asking if I'm interested in posting their ads. To check out their ADS unit, I had to click a Google Picasa Web Album URL. Curious, I clicked on the URL from the email and it forwarded me to a Google Account authentication page.

Hmm, smells fishy. Remember that my wife’s Yahoo account was hacked after someone from her friend’s hacked YM asked her to check out the pictures on his Flickr. In just a minute, her username and password were harvested by the hacker, and we had to call Yahoo just to retrieve the credentials.

You won't notice that this is a bogus page.

[Screenshot: Capture2]

http://picasaphotos21.t35.com/photoalbum.htm

Hmmm, OK. Not your usual Google URL, and it looks like a subdomain of t35.com.

Let’s check out www.t35.com

[Screenshot: Capture3]

Boom!!! t35.com is a free website service. So the hacker uses a free web service to host his fake Google Picasa page. The minute you enter your Google Account username and password, they will be harvested.

How will you identify if the page is bogus or not? Here are some of the basic steps that you can use:

1. Google always uses SSL certificates on its web pages. You will notice that the URL of its authentication page starts with https://… instead of http://….

2. Keep your internet browser updated. New browsers are intelligent enough to tell whether an SSL certificate is fake or not.

3. Always check the URL of the page. Most hackers use free web hosting services to host their bogus sites.
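
The scheme and hostname checks from steps 1 and 3, written out as an added Python example (not part of the original post). The trusted-domain list and the warning names are assumptions made for illustration; t35.com is the only free-hosting domain taken from the post, and the other sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the domains the real sign-in page is served from.
TRUSTED_DOMAINS = {"google.com"}
# Assumption: free-hosting parents to flag; only t35.com comes from the post.
FREE_HOSTING_DOMAINS = {"t35.com"}


def _under(host, domains):
    """True if host equals one of the domains or is a subdomain of it.

    The match is made on a label boundary, so "notgoogle.com" and
    "google.com.login.example.net" do not count as google.com.
    """
    return any(host == d or host.endswith("." + d) for d in domains)


def check_login_url(url):
    """Return a list of warnings for a page that asks for a password."""
    parts = urlsplit(url.strip())
    # .hostname lowercases the host and drops any port or user@ prefix.
    host = (parts.hostname or "").rstrip(".")
    warnings = []
    if parts.scheme != "https":          # step 1: sign-in pages use https
        warnings.append("not-https")
    if not host:
        warnings.append("no-host")
    elif not _under(host, TRUSTED_DOMAINS):  # step 3: check the URL itself
        warnings.append("untrusted-host")
    if host and _under(host, FREE_HOSTING_DOMAINS):
        warnings.append("free-hosting")
    return warnings


if __name__ == "__main__":
    samples = [
        "http://picasaphotos21.t35.com/photoalbum.htm",  # URL from the post
        "https://accounts.google.com/ServiceLogin",      # constructed sample
        "http://www.google.com/accounts/ServiceLogin",   # constructed sample
        "https://google.com.login.example.net/",         # constructed sample
    ]
    for sample in samples:
        print(sample, "->", check_login_url(sample) or "ok")
```

The last sample passes the https check and still gets flagged, which is why the hostname has to be checked as well as the scheme.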

Internet security awareness will always save your butt and your hard-earned ADS payments.
