Tag: Phishing
Excuses + Facebook Spam
by admin on Sep.23, 2008, under Uncategorized
Well, here is my excuse for taking so long to post: My wife and I drove 3k miles from California to South Carolina, to my home church. So now that we are settled here in SC for the next 5-6 months, I will be writing more regularly, hopefully.
I thought I would add a short reminder for those of us who have Facebook accounts, or any other kind of social networking accounts: We must always be vigilant. Take Facebook: within the past 2 months, I have had 5 friends’ accounts post spam on my wall. You know the kind:
Then, when you go to the blogspot, it redirects you to a phishing site, very well done to look like Facebook (check out the URL, that was how I figured it out).
One problem for this site though: Firefox’s Phishing Filter caught this site and you can see the results:
But you say, “I would never fall for that!” If I wasn’t specifically looking for this kind of stuff, I think I might have fallen for it, because when you click on the spam link (which can look fairly legit), the phishing site for Facebook comes up. What do we do? Ohh man, something messed up with Facebook, again, and I have to put in my username/password, again… And we do.
“So what’s the big deal?” my wife asks. “He can get into my Facebook account.” “Ok,” I answer, “what email do you use for Facebook login? Your Gmail? Is your password for your Gmail perchance the same as your Facebook password? It is? Hmmm… Is your Gmail the email you use for your online bank? It is, ok. So you receive email every once in a while from the bank. (In other words, if the attacker scans through your email, he can find where you do online banking.) So now, if the attacker resets the password at your online bank account, where does that password get emailed to? Ohhh, your Gmail account!” You start to see how crazy this could get? Yes, online banks are finally starting to force other “security questions” as part of their online authentication, but if you have had the account since before they started that, odds are that you haven’t set up the questions yet.
To top off the previous scenario, if the attacker gains access to all that data, he has a ton of information to mine to build a profile of you, which makes identity theft easier.
Hey, just because I’m paranoid doesn’t mean they aren’t after me!
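The chain in the conversation above (one phished password, reused on the mailbox that receives the bank's reset mail) can be checked against your own accounts. This is an added example, not part of the original post; the inventory, the `shop` and `old-mail` entries, and the function names are constructed for illustration.

```python
# Constructed inventory (not from the original post). "password" is a label:
# the same label on two accounts means the same password is reused.
# "reset_mailbox" is where password-reset mail is delivered; "extra_check" is
# True when a reset also demands security questions or a second factor.
ACCOUNTS = {
    "facebook": {"password": "pw-A", "reset_mailbox": "gmail", "extra_check": False},
    "gmail": {"password": "pw-A", "reset_mailbox": None, "extra_check": False},
    "bank": {"password": "pw-B", "reset_mailbox": "gmail", "extra_check": False},
    "shop": {"password": "pw-B", "reset_mailbox": "old-mail", "extra_check": False},
    "old-mail": {"password": "pw-C", "reset_mailbox": None, "extra_check": False},
}


def exposed_accounts(accounts, phished):
    """Map every account reachable from one phished login to the reason."""
    leaked = accounts[phished]["password"]  # the only password actually disclosed
    exposed = {phished: "password typed into the phishing page"}
    changed = True
    while changed:  # repeat until no new account falls
        changed = False
        for name, info in accounts.items():
            if name in exposed:
                continue
            if info["password"] == leaked:
                exposed[name] = "reuses the phished password"
            elif info["reset_mailbox"] in exposed and not info["extra_check"]:
                # A reset hands over the account, not its old password, so
                # reuse of this account's password elsewhere is not followed.
                exposed[name] = f"reset mail is delivered to {info['reset_mailbox']}"
            else:
                continue
            changed = True
    return exposed


def with_fixes(accounts, fixes):
    """Return a copy of the inventory with per-account overrides applied."""
    return {name: {**info, **fixes.get(name, {})} for name, info in accounts.items()}


if __name__ == "__main__":
    for name, why in exposed_accounts(ACCOUNTS, "facebook").items():
        print(f"{name:9} {why}")
    unique_mail_pw = with_fixes(ACCOUNTS, {"gmail": {"password": "pw-unique"}})
    print("after giving gmail its own password:",
          sorted(exposed_accounts(unique_mail_pw, "facebook")))
```

Giving the mailbox its own password cuts the chain at the first hop; setting up the bank's security questions cuts it at the second.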
Josh


