Saturday, November 28, 2009

Is this a trap or a true warning?

My friend Ash set me this...read it, it's important.



I got this message about signs that your profile had been stolen, and you're doing the crazy bulliten thing. So here's the instructions on how to fix it.



Have you noticed weird or multiple bulletins posted by your friends lately?



Instead of surveys and games, it looks like they're advertising ringtones for songs they don't even like, or telling you to smoke pot when they're not even a pot smoker?



If so, it probably means their MySpace profile has been stolen, and yours could be next.



Profile thieves are stealing MySpace profiles left and right so they can spam other people, and in some cases, they manage to steal more than just your MySpace.



Here's how they usually steal it:



They post a message, bulletin, or comment containing a Flash file. It might be disguised as a game, or lately there's one that says, "Click here if you like to smoke pot." But in reality, it's just a trap to steal your MySpace.



Without you realizing it, the Flash file automatically redirects you to a different website where the thief has set up a copycat of the MySpace login page. What it looks like to you is, "Oh, stupid MySpace logged me out again." And so you enter your username and password, and bingo -- they just stole your profile. Since you were on a copycat site, it didn't log you in. It just stored the email and password you entered in a big file, and now that profile thief is going to use your account to spam people.



But the danger doesn't end there. The person who stole your profile knows that you can always change your password and lock them out of your account. So now, they try to take over your profile entirely. If they see your email address ends in yahoo.com or hotmail.com, they go to your email login page and try to log in to your email account with the same password. Many people use the same password for their email account and their MySpace profile, and if you're one of those people, now the thief has access to your email, too.



And check this out -- once they have access to your email, they can start sending lost password requests to PayPal, AIM, Yahoo Messenger, eBay, or anywhere else you might have an account, and they can now reset your passwords on other systems, and even change the email address on your MySpace profile to their own address so you can never log in again!



Don't be fooled into thinking that MySpace will let you back in to your profile once it gets stolen and you can no longer log in.



If this happens, MySpace will ask you to send a digital picture of yourself so they can see if you are pictured in the account that you say was stolen. If the spammer has deleted all of the face pics in your profile (which they usually do), then MySpace won't do anything at all because you have no way to prove the profile is really yours.



But if they see your picture in the account you say was stolen, MySpace still won't give you access to the account -- they'll just DELETE IT. And now the spammer can't use it anymore, but you will have lost all of your messages, photos, and comments and you'll have to start all over again.



Here's how you can protect yourself from profile thieves:



1. Change your MySpace password right now. Even if you haven't seen weird bulletins yet, your account info may have been stolen already and the thief just hasn't used it yet. They steal thousands of profiles at a time, and yours could be sitting in some spammer's list just waiting to be hijacked.



2. Change the password to your email address right now. It's no good just changing your MySpace password, because if they can get into your email account, they can still steal your profile.



3. IMPORTANT: Make sure your new email password and your new MySpace password aren't the same!



4. Never click on a link in a bulletin, message, or comment that looks suspicious. It's probably a trap to steal your profile.



5. If it EVER looks like MySpace has logged you out, don't enter your email and password. Instead, type 'www.myspace.com' in the address bar and hit enter to make sure you are still on the real MySpace website and not a copycat site.



6. If you see weird bulletins showing up from your friends, message them right away to tell them their profile has been stolen and advise them to change BOTH their MySpace password and their email account's password. Most people don't see the bulletins their account is posting until it's too late.



7. COPY AND PASTE this whole message into a new bulletin.



Let's keep profile thieves from stealing our profiles and our friends'



Is this a trap or a true warning?

This is a common form of identity theft, known as "phishing"



A criminal sets up a legitimate-looking website in hopes of tricking the user into supplying secure information. It's a big problem on the internet. I get the occasional email from somebody claiming they're my bank to "log in and correct some account information" Of course, it's just a scam, but dangerous nonetheless.



Additionally, because people have so many registrations with so many websites, they try to simplify things by using only one login/password combination, which is insecure.



My suggestion is to follow the instructions above. Additionally, browsers are implementing features to combat phishing (I know Firefox 2.0 is supposed to help thwart this kind of attack)



Is this a trap or a true warning?

It's a warning.

No comments:

Post a Comment

 
dedicated server