I want to show everyone how easy it is to be tricked into giving your information away to a phishing site. To do so I will fake the SecondLife login page, since it’s the most relevant to recent events. I will give the link after I explain a few things. First off, if you play with it, please don’t put in your real SecondLife login information. I won’t be logging information or collecting logins, but I don’t expect or want you to trust me on that. The page I will post is what I call a transparent phish. It will take your login information, forward it directly to SecondLife and put you on the proper page as if you had logged in for real, and you won’t even know the information was stolen. This page took me all of 30 seconds to make, so you should know it’s easy for hackers to make these pages to get your information.
http://www.digitalfiz.com/hax/secondlife.php
Now, normally a phisher would set up subdomains so you would see something like https://secure.secondlife.com.phishingsite.com/login.php, or something similar, to fool people who pay a little more attention. If you went to that site and tried to log in, you should have seen the page that told you when the information was stolen. Again, I didn’t log any information you may have put into that fake login page, but I would hope you didn’t use your real information anyway.
The best, most secure way to make sure you never fall victim to a phishing site is to go to the site directly. If you’re logging into SecondLife, go to secondlife.com and log in, then try the page you clicked on again. If it’s the correct and safe site, it will notice you logged in elsewhere and redirect accordingly. You should NEVER EVER put your information into a page that comes up from a link given to you by anyone or anything. It is easy to spoof URLs in emails and messengers and make you think it’s the right site when it’s not. You can also check the site’s security certificate to validate that it’s actually SecondLife or whatever place you’re trying to log in to. For example, if you go to https://secure-web20.secondlife.com/my/account/login.php you should see a lock, either in the bottom right corner or up by the URL bar, that you can click on to see the security certificate and who it belongs to. Also make sure that the URL in the URL bar starts with https://; if it doesn’t, then it’s more than likely a fake site. I don’t know many sites anymore that don’t make you log in via a secure connection.
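The two URL checks described above (is the host really under secondlife.com, and is the link https) can be written down as a small function. This is an added example, not code from the original post; the names classifyLink and TRUSTED_DOMAIN are made up for it, and it runs under Node or in a browser console.

```javascript
// Added example: classifyLink and TRUSTED_DOMAIN are names made up for this sketch.
const TRUSTED_DOMAIN = "secondlife.com";

function classifyLink(link, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // throws on anything that is not an absolute URL
  } catch (err) {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  // The hostname is what the browser actually connects to. Lower-case it and
  // drop a trailing dot so "SecondLife.com." compares equal to "secondlife.com".
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Domain names are owned from the right-hand side: the host must BE the
  // trusted domain or END with "." + trusted. Merely containing it is not enough.
  const underTrusted = host === trusted || host.endsWith("." + trusted);
  if (!underTrusted) {
    const reason = host.includes(trusted)
      ? "trusted name appears in the host but not at its right-hand end"
      : "host is not under " + trusted;
    return { ok: false, host, reason };
  }
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "right domain but not https" };
  }
  return { ok: true, host, reason: "https and host is under " + trusted };
}

// Links taken from the post above, plus one plain-http variant constructed here.
const samples = [
  "https://secure-web20.secondlife.com/my/account/login.php",
  "https://secure.secondlife.com.phishingsite.com/login.php",
  "http://www.digitalfiz.com/hax/secondlife.php",
  "http://secondlife.com/", // constructed
];
for (const link of samples) {
  const r = classifyLink(link);
  console.log((r.ok ? "OK   " : "STOP ") + link + "  (" + r.reason + ")");
}
```

A passing result only means the address is right; the certificate check and going to the site directly still apply.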
One thing I would like to point out about friendships and security. You have to remember that a link in an email or messenger or any other type of message ISN’T safe just because it is from a friend. You always have to think “what if they have been hacked already?” because that’s how these things spread. People think “oh, it’s from Johnny, he is my best friend, it’s safe” and BAM, they are a victim too, and it spreads like wildfire. That’s why I said never log in to pages you clicked from anyone or anything. Always, ALWAYS go to the site directly and log in first. I would also suggest reading my older post about lazy passwords to learn more about sandboxing incidents and protecting yourself from too much damage. I wrote something on checking the URL a while back too, which I would recommend reading; it’s along the same lines as this.