Please Enter Your Name and Password
Do you always know for sure where you’re entering your name and password?
This week many of my friends on Facebook reported getting stung by yet another hacker trick to get someones name and password. Many received an Email with a message about something new on Facebook and received a link which appeared as it if was Facebook. Surprise, surprise it turned out to be a completely different website that just looked like the Facebook login page.
Simple tricks like this remain the most common distribution methods of deceptive programs and ID theft on the Internet. Once someone has your name and password, they have access to your valuable contact list. Your unsuspecting friends will start to recieve similar invitations and even downloadable files with every possible kind of malware. Many of your contacts will trust an attachment because they think it comes from somone they know.
While this is a typical phishing senario, there are many other ways to give away your name and password. Many social networking sites will want you to give them your Email and password so they can collect information on your contacts and provide you with a better experience. While I’m sure some of them are legitimate and trustworthy I say Don’t Do It. I have no reason to believe my example below from Facebook is devious but I still think it’s a bad idea.
This is typical of many social networking sites including LinkedIn and Twitter. Some are more aggressive and trickier than others. Twitter has a lot of new 3rd party tools popping up so it has been the target of many new scams to obtain name and passwords. Don’t just try a 3rd party tool for Twitter just based on Tweets from your friends. It’s always possible the people doing the recommendation have had their accounts compromised.
While I’m on the subject, let’s talk about your password. Do you use the same password at multiple locations? Come on, I know you do and it’s another really bad idea. Even if you don’t fall for one of the tricks I’ve mentioned your name and password could be compromised by some other method. The first thing a hacker will do is try the same password to access PayPal, eBay, gmail, hotmail, AOL, banks, credit card sites, Facebook, Twitter etc… Not only could you lose money, anything they say or post online using your name will exist forever.
Yes, it can happen to everyone. Check out what Steve Bass had to say in his TechBite newsletter.
Password Disaster: My PayPal Account was Hacked.