Sunday, September 02, 2007

orkut phishing attempt

beware of the site orkutverification.awardspace.com - it's a phishing site that attempts to lure orkut users.

i received the link from someone on my orkut friends list. the url had an id at the end that identified me, so i assume the site could work out my username from the link alone.

based on the information i have, here's how it works:

  1. users are presented with a screen identical to orkut's login screen

  2. on signing in, the site takes the captured username and password and opens its own session with orkut.com

  3. it scrapes orkut for all available information (don't have any details on that) about the compromised user and his/her friends

  4. it then sends a unique message to each of the user's friends, asking them to visit the site. each message carries a unique url, so the site knows which user clicked the link, and it can even pre-fill that username in the login box, the way google does

  5. if anyone is fooled by this and logs in, the process continues from step 2

reasons why you should be concerned:

  • your google account isn't used only for orkut, but also for a lot of other things like gMail, gTalk, blogger, personalised search (freaky!!!), gReader...the list goes on!!!

  • many orkut users put private information such as their date of birth, address and telephone numbers on their orkut profiles and make it visible only to their friends, assuming that friends can be trusted not to misuse it. that assumption no longer holds, now that this phishing site can act on behalf of your friends. (i'm a victim of this assumption too, and i still don't know how much of my information has been leaked. it's very scary.)

  • the worst part is that one person's ignorance can leak the private information of all his/her friends, with no control on their part, and they have no easy way of preventing it, short of deleting that information from the site

  • you probably don't have your credit card number posted on your orkut profile, but you've probably received some mail or the other from your bank/credit card company. if you use gMail, and archive all your mail (just like i do)...well...you can do the math :)

steps to prevent this:

  • always look at the address in the address bar before signing in. phishing attempts usually use similar URLs, so you may need to look carefully.

  • never enter your login info on any third party site, no matter what that site claims to do for you. i have countless friends who have done such things, usually for the sake of automatically inviting all their friends to some new social networking site. what they don't realise is that the addresses and all other details of all their friends (including the ones who didn't join up) are stored in a database somewhere, awaiting further abuse

  • do not click on links whose URL starts with "javascript:". this is rather tricky, since you need to hover your mouse over the link and read the target in the status bar of your browser. quick and dirty, but not foolproof.

  • the safest precaution when clicking links on a site that holds your confidential info is to copy the link (usually right click -> "copy link" does the trick) and paste it into your address bar. if it contains "javascript:", or if it points to an external site and contains a "?" somewhere, do not hit enter. this only applies to user posted links (links in scraps/messages/emails/blogs/blog comments/profiles etc)

  • for the above mentioned suspicious links (at least the ones containing a ?), try opening the link in a new browser window after deleting everything from the ? to the end of the link. that way the new site cannot identify who you are or where you came from.

  • read http://hoaxbusters.ciac.org for more anti phishing, anti spamming and hoax spotting techniques

  • last of all, but definitely most important, when in doubt, DON'T CLICK!!!!

5 comments:

Wizard said...

I expected the Firefox anti-phishing filter to detect this but it did not, so I reported it. You can do that too. IE7's phishing filter did detect this. I wonder if any of the anti-phishing internet security tools detect this (Norton or McAfee etc.).

The Shmoo said...

whoa :O
Thanks Kris :)

Aliean said...

well.. I was suspicious about the link so I still went ahead with it to check out how strong my anti-virus is.. and well, it failed.. so McAfee for sure still does not have a security measure for it..

Kris said...

i hope you didn't check it by actually entering your correct username and password :D

Flo said...

You should thank Mani and anyone else for telling everyone else.
People misuse orkut and then the powers that be decide to bring it down.
