<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>DigitalFiz &#187; Security</title>
	<atom:link href="http://digitalfiz.com/tag/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://digitalfiz.com</link>
	<description>php is my kungfu...</description>
	<lastBuildDate>Mon, 30 Aug 2010 01:37:42 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0.1</generator>
		<item>
		<title>Let&#8217;s go phishing!</title>
		<link>http://digitalfiz.com/2009/11/lets-go-phishing/</link>
		<comments>http://digitalfiz.com/2009/11/lets-go-phishing/#comments</comments>
		<pubDate>Sat, 28 Nov 2009 02:16:27 +0000</pubDate>
		<dc:creator>DigitalFiz</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[phishing]]></category>

		<guid isPermaLink="false">http://www.digitalfiz.com/?p=81</guid>
		<description><![CDATA[I want to show everyone how easy it is to be tricked into giving your information away to a phishing site. To do so I will fake the SecondLife login page, since it&#8217;s most relevant to recent events. I will give the link after I explain a few things. First off, to play with it don&#8217;t put [...]]]></description>
			<content:encoded><![CDATA[<p>I want to show everyone how easy it is to be tricked into giving your information away to a phishing site. To do so I will fake the SecondLife login page, since it&#8217;s most relevant to recent events. I will give the link after I explain a few things. First off, if you play with it, please don&#8217;t put your real SecondLife login information in. I won&#8217;t be logging information or collecting logins, but I don&#8217;t expect or want you to trust me on that. The page I will post is what I call a transparent phish. It will take your login information, forward it directly to SecondLife, and put you on the proper page as if you had logged in for real, and you won&#8217;t even know the information was stolen. This page took me all of 30 seconds to make, so you should know it&#8217;s easy for hackers to make these pages to get your information. <span id="more-81"></span></p>
<p><a href="http://www.digitalfiz.com/hax/secondlife.php" onclick="pageTracker._trackPageview('/outgoing/www.digitalfiz.com/hax/secondlife.php?referer=');">http://www.digitalfiz.com/hax/secondlife.php</a></p>
<p>Now normally a phisher would set up subdomains so you would see something like https://secure.secondlife.com.phishingsite.com/login.php or something similar to fool people who pay a little more attention. If you went to that site and tried to log in, you should have seen the page that told you when the information was stolen. Again, I didn&#8217;t log any information you may have put in that fake login page, but I would hope you didn&#8217;t use your real information anyway.</p>
<p>The best, most secure way to make sure you never fall victim to a phishing site is to go to the site directly. For example, if you&#8217;re logging into SecondLife, go to secondlife.com and log in, then try the page you clicked on again. If it&#8217;s the correct and safe site it will notice you logged in elsewhere and redirect accordingly. You should NEVER EVER put your information into a page that comes up from a link given to you by anyone or anything. It is easy to spoof URLs in emails and messengers and make you think it&#8217;s the right site when it&#8217;s not. Also, you can check the site&#8217;s security certificate to validate that it&#8217;s actually SecondLife or whatever place you&#8217;re trying to log in to. For example, if you go to https://secure-web20.secondlife.com/my/account/login.php you should see a lock, either in the bottom right corner or up by the URL bar, that you can click on to see the security certificate and who it belongs to. Also make sure that the URL in the URL bar starts with https://; if it doesn&#8217;t, then it&#8217;s more than likely a fake site. I don&#8217;t know many sites anymore that don&#8217;t make you log in via a secure connection.</p>
<p>One thing I would like to point out about friendships and security. You have to remember that a link in an email, messenger or any other type of message ISN&#8217;T safe just because it comes from a friend. You always have to think &#8220;what if they have been hacked already&#8221; because that&#8217;s how these things spread. People think &#8220;oh, it&#8217;s from Johnny, he is my best friend, it&#8217;s safe&#8221; and BAM, they are a victim too, and it spreads like wildfire. That&#8217;s why I said never log in to pages you clicked from anyone or anything. Always, ALWAYS go to the site directly and log in first. I would also suggest reading my older post about <a href="http://www.digitalfiz.com/2008/12/lazy-passwords/" onclick="pageTracker._trackPageview('/outgoing/www.digitalfiz.com/2008/12/lazy-passwords/?referer=');">lazy passwords</a> to learn more about sandboxing incidents and protecting yourself from too much damage. I wrote something on <a href="http://www.digitalfiz.com/2008/12/check-the-friggin-url-before-you-login/" onclick="pageTracker._trackPageview('/outgoing/www.digitalfiz.com/2008/12/check-the-friggin-url-before-you-login/?referer=');">checking the URL</a> a while back too that I would recommend reading; it&#8217;s along the same lines as this.</p>
]]></content:encoded>
			<wfw:commentRss>http://digitalfiz.com/2009/11/lets-go-phishing/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>CHECK THE FRIGGIN URL BEFORE YOU LOGIN!</title>
		<link>http://digitalfiz.com/2008/12/check-the-friggin-url-before-you-login/</link>
		<comments>http://digitalfiz.com/2008/12/check-the-friggin-url-before-you-login/#comments</comments>
		<pubDate>Sat, 27 Dec 2008 23:42:01 +0000</pubDate>
		<dc:creator>DigitalFiz</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.digitalfiz.com/?p=72</guid>
		<description><![CDATA[The number of people that click on links from unknown senders in emails surprises me. It surprises me even more how many people click on phishing emails with links to reset passwords or update accounts or any of the other GENERIC emails that get sent out by hackers every day. I figured [...]]]></description>
			<content:encoded><![CDATA[<p>The number of people that click on links from unknown senders in emails surprises me. It surprises me even more how many people click on phishing emails with links to reset passwords or update accounts or any of the other GENERIC emails that get sent out by hackers every day. I figured by now everyone would be smart enough to actually type in the address of the bank or other website directly and go to it that way to check if any action is required, because that&#8217;s what most of them tell you to do in the legit emails. Links are easy to spoof and so are websites. <span id="more-72"></span></p>
<p>I did a test on MySpace a few months back by creating a spoof of the front page and then posting a bizarre bulletin post, and I was amazed at how many people submitted their logins to my spoof page even though I made the URL retarded and not even close to matching MySpace&#8217;s possible URLs. My account could have been hacked or anything; there could have been an exploit in MySpace that made people&#8217;s accounts post that weird bulletin. I didn&#8217;t collect anyone&#8217;s information, I just simply collected stats on how many clicked the submit button, and it was a majority of my friends. The funny thing is, because MySpace checks all links now using mslinks or whatever, it gave them a warning they were leaving MySpace for another site and they STILL did it. I guess it will always amaze me how lazy most people are. For most of them to figure out they were in the wrong place, all they had to do was look at the URL bar at the top and see it had some weird IP address and nothing to do with MySpace at all. Whether it be from them not knowing that or being just plain lazy and careless, if either is the case they shouldn&#8217;t be using the computer and entering private information anywhere.</p>
<p>I wrote a blog post months ago about lazy passwords; it was about making more secure passwords and also separating them. Well, none of that matters if you just click on any link and enter your password anywhere a page asks you to. Maybe if I show an example of how easy it is to make a spoof page and how public it is, it will make people think (probably not).</p>
<p>Below is a link to a site that tells people how to &#8220;hack&#8221; Yahoo, Gmail, MSN and just about any other webmail service using the spoofing method. I put hack in quotes because it&#8217;s not really hacking, it&#8217;s phishing, and it&#8217;s apparently a very simple way to get people&#8217;s passwords. The site contains tons of ads, so don&#8217;t click on anything, just read what it says. I didn&#8217;t catch any spyware or misc popups so it&#8217;s a safe link, just don&#8217;t click the ads, I don&#8217;t want that fucker getting paid <img src='http://digitalfiz.com/wp-includes/images/smilies/icon_razz.gif' alt=':P' class='wp-smiley' />  Just read the article and see how easy it is for someone to spoof and get your passwords if you just enter them any time you&#8217;re asked for them.</p>
<p><a href="http://www.gohacking.com/2008/12/hacking-yahoo-gmail-or-any-other-password.html" target="_blank" onclick="pageTracker._trackPageview('/outgoing/www.gohacking.com/2008/12/hacking-yahoo-gmail-or-any-other-password.html?referer=');">http://www.gohacking.com/2008/12/hacking-yahoo-gmail-or-any-other-password.html</a></p>
<p>Now, like I said, don&#8217;t click on any of the ads or links because I didn&#8217;t check external links. Just remember: CHECK THE FRIGGIN URL BEFORE YOU LOGIN!</p>
]]></content:encoded>
			<wfw:commentRss>http://digitalfiz.com/2008/12/check-the-friggin-url-before-you-login/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Lazy passwords</title>
		<link>http://digitalfiz.com/2008/12/lazy-passwords/</link>
		<comments>http://digitalfiz.com/2008/12/lazy-passwords/#comments</comments>
		<pubDate>Wed, 10 Dec 2008 23:43:49 +0000</pubDate>
		<dc:creator>DigitalFiz</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[hacking]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[phishing]]></category>

		<guid isPermaLink="false">http://www.digitalfiz.com/?p=76</guid>
		<description><![CDATA[I decided to write this because of the recent event of Stickam being hacked and everyone&#8217;s information being compromised. It is a very good example of how safe your information is on a social network. I am not going to be one of those people that says passwords should be 20 letters and numbers long [...]]]></description>
			<content:encoded><![CDATA[<p>I decided to write this because of the recent event of <a title="STICKAM HACKED!" href="http://digitalfiz.com/2007/12/08/stickam-hacked/">Stickam being hacked</a> and everyone&#8217;s information being compromised. It is a very good example of how safe your information is on a social network. I am not going to be one of those people that says passwords should be 20 letters and numbers long with upper and lower case, although the longer your password is, the better and more secure it is. <span id="more-76"></span>Instead we will talk about using the same password for multiple places. In all reality, even if your password is the most secure password on the net, if you use it everywhere and someone hacks Stickam or MySpace, the length and complexity of your password does you no good, and that hacker now has your password, WHICH you use on every place you have one. I think that even the laziest users should split their passwords up into a few groups or levels.</p>
<blockquote><p><strong>Group 1</strong> &#8211; would be for financial sites. This is your most important information and should be separate from anything else you do. In all reality you should have a different password for each financial site you are on. But if you&#8217;re a lazy user, separating financial sites should be good enough.</p></blockquote>
<blockquote><p><strong>Group 2</strong> &#8211; this group would be for social networks. Since social networks get hacked a lot and people often fall victim to phishing pages/emails, it is a good idea to keep the password for those separate. These are probably the most dangerous places because they are so insecure. Now again, it is still good practice to keep a different password for every place you go to keep things the most secure.</p></blockquote>
<blockquote><p><strong>Group 3</strong> &#8211; Pretty much every place else. After the previous 2 groups, all other sites are up to your discretion; those are just the 2 main ones.</p></blockquote>
<p>Now remember that I am in no way saying that this is the way people should do things, but if you&#8217;re not going to do it right, at least do it in a &#8220;safer&#8221; manner to prevent yourself from getting totally fucked. Really it is best to have a different password for each place you go, and the password should be 8-10 characters long (the longer the better) and have at least 1 uppercase letter and at least 1 number. Now remember there is no such thing as a foolproof password. Any password can be cracked with time, but the harder you make it, the more chance that the hacker will give up out of boredom. Unless you really pissed someone off, you really don&#8217;t have to worry unless the database is cracked, which goes back to why it&#8217;s a good idea to use a different password for each place you go to.</p>
<p><em>/end/</em></p>
]]></content:encoded>
			<wfw:commentRss>http://digitalfiz.com/2008/12/lazy-passwords/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>
