CHECK THE FRIGGIN URL BEFORE YOU LOGIN!
To my suprise the amount of people that click on links from unknown senders in emails suprises me. It suprises me even more how many people click on phishing emails with links to reset passwords or update accounts or any of the other GENERIC emails that get sent out by hackers every day. I figured by now everyone would be smart enough to actually type in the address of the bank or misc website directly and go to it that way to check if any action is required because thats what most of them tell you to do in the legit emails. Links are easy to spoof and so are websites.
I did a test on myspace a few months back by creating a spoof of the front page and then posting a bizarre bulletin post and I was amazed at how many people submitted there logins to my spoof page even though I even made the url retarded and not even close to matching myspace’s possible url’s. My account could have been hacked or anything, there could have been a exploit in myspace that made peoples accounts post that weird bulletin. I didn’t collect any ones information I just simply collected stats on how many clicked the submit button and it was a majority of my friends. The funny thing is because myspace checks all links now using mslinks or whatever it gave them a warning they were leaving myspace to another sites and they STILL did it. I guess it will always amaze me how lazy most people are. For most of them to figure out they where in the wrong place all they had to do was look at the URL bar at the top and see it had some weird ip address and nothing to do with myspace at all. Wether it be from them not knowing that or being just plain lazy and careless. If either is the case they shouldn’t be using the computer and entering private information anywhere.
I wrote a blog months ago about lazy passwords and it was about making more secure passwords and seperating them also. Well none of that matters if you just click on any link and enter your password anywhere a page asks you too. Maybe if I show an example of how easy it is to make a spoof page and how public it is it will make people think (probably not).
Below is a link to a site that tells people how to “hack” yahoo gmail msn and just about any other webmail service using the spoofing method. I put hack in quotes because it’s not really hacking its phishing, and its aparently a very simple way to get peoples passwords. The site contains tons of ads so don’t click on anything just read what it says. I didn’t catch any spyware or misc popups so it’s a safe link just don’t click the ad’s I don’t want that fucker getting paid 
Just read the artical and see how easy it is for someone to spoof and get your passwords if you just enter them anytime your asked for it.
http://www.gohacking.com/2008/12/hacking-yahoo-gmail-or-any-other-password.html
Now Like I said don’t click on any of the ads or links because I didn’t check external links. Just remember CHECK THE FRIGGIN URL BEFORE YOU LOGIN!
[...] more about sand boxing incidents and protecting yourself from to much damage. I wrote something on checking the URL awhile back too I would recommend reading its a long the same lines as this. VN:F [...]