Skip to main content

Are you Dumb enough to give away your password and confidential data anywhere on net??

Passwords are your keys to your online closets. You don't want people to intrude into your closet and let them do the nastiest things that you've ever thought of.


Do you think, yeah THINK before you enter your credential data like username and password anywhere on the net? Are you not afraid of entering your credit card details on net to do online shopping?

If you are smart, you'll most probably think before you do the things that I've asked above.

Lemme show you the example. There is a guy and he has a msn account and he wants to check if his female friend is blocking him or not after his last argument with her. He goes to some site like this below:

http://rbscienceclb.10gbfreehost.com/block.html
(this site will take him to some genuine site. Here, this site will take you to Nepal Telecom's official site. DON'T EVER GIVE YOUR REAL USERNAME and PASSWORD but you can try with fake one. It's interesting, how these phishers work and steal peoples informations)

He'll supposedly enter his msn username and password and click submit. He thinks his job is done.

On the other hand, the eavesdropper will supposedly get his username and password from this link below(at the backend):
http://rbscienceclb.10gbfreehost.com/data.txt

Are you surprised to see the stuff you've just entered few moments ago right on this second link? umm,.. that's how these phishers work.

www.ntc.net.np(for this example, I'm not endorsing that company at all) is the official site of 'Nepal Telecom' company and it's one genuine site. Many Nepalese people visit that site and people have rare chance to disbelief it's credential. It's obvious many people would fall for this trick as soon as they see the TLD of this site on their browser's address bar,they usually end up entering their important informations. Don't do that, just roll your eyes to full line on the address bar? Do you see something out there, it's called PHP/SQL exploits where phisher is successful to fully violate the insecure system. So, even if the domain name is genuine, it's fake page generated dynamically with the help of java scripts(it looks like the page is the part of the genuine site, which is not). As soon as someone inputs the data on such phishing site, the things he entered will be dynamically saved on some remote servers file system. Phishers could access that data in later time with ease.

The first link is bit unconvincing. If phisher is smart enough, he could have the anchor text to be like as genuine(ex: ntc.net.net/msnblockcheck.html)one. And, nobody would ever find what's going on.

My suggestion is try to check the address bar before you give any important details online. Because, it's irrelevant and obscure to see such weird and long lines just on the Login page. After you login, it's the session and cookie handling takes place, which means, it's okie to see such lines after you signed in. But when you are trying to give something online and you see, such long weird lines at first, it's time to get ALARMED and BE SMART? You could actually ask the company for that particular stuff you are facing and make sure everything(your data) is safe beforehand.


Coming to my second question on second para of this post, I'd suggest you to create a PAYPAL account. I'm not endorsing this paypal thing but it could save lots of hassles. I see the Paypal as the next credit card for online shopping. If you are afraid of giving your long credit card details everytime you shop online, it's time to shift to PAYPAL(there are other alternatives too but I'm focusing on it). Sign up for PAYPAL, get verified by integrating your BANK account with PAYPAL's system and now, you can shop easily. Just give your PAYPAL ID(don't bother about giving your entire credit card details) and make purchases(PAYPAL is still not adopted by many online shops but it's ever expanding as another option to make payment). If you want to pay, use your PAYPAL ID. Easy as 1-2-3. One thing to remember, these big companies would never ever send any ALERT mails to you. They would most probably affix message if that's so important (instead of mailing you on your email address) on your account login page. Consider this and you'll be safe from all those phishing scam mails which claims they are originated from the genuine site itself, which is not.


Thank you for reading.

idea src: KoolD@NepSecure@googlegroups.com
img src:http://buckeyesecure.osu.edu/pmwiki/uploads/SafeComputing/password_star.jpg
img src:http://www.websitesecurityinformer.com/wp-content/uploads/2007/11/phishing.jpg

Comments

Popular posts from this blog

जेनेरेटरबाट गाउमै कम्प्युटर कक्षा

त्रिवेणी र्-पर्वत, फागुन २८ - "जहा इच्छा, त्यहा उपाय " । प्रविधि मोहमा होम्मिएका पर्वतको दर्ुगम गाउ“ त्रिवेणीका युवाले यही उखानलाई चरितार्थ गरेका छन् । बिजुलीे पुग्न नसकेको दर्ुगम गाउ“का यी युवाले जेनेरेटर चलाएर कम्प्युटर सिक्न सुरु गरेका छन् । बेहुलीबास गाविसका दीपक काफ्लेले त्रिवेणीमा खोलेको ओम इन्स्िटच्युटमा यहा“का विद्यार्थी र अभिभावक कम्प्युटरमा झुम्मिन्छन् । इन्स्िटच्युटमा दैनिक २० जनाभन्दा बढी कम्प्युटर सिक्न थालेका छन् । एक जनाबाट महिनाको एक हजार पा“च सयदेखि २ हजारसम्म लिने गरेको काफ्ले बताए । सरकारले वितरण गरेको विद्युत् लाइन पुग्न नसके पनि लाखांै खर्चेर उनले जेनेरेटर र कम्प्युटर खरिद गरे । गाउ“लेलाई सेवा दिने र व्यवसायसमेत गर्ने उद्देश्यले आफूले यस्तो काम थालेको काफ्लेले बताए । 'सहरमा गएर यस्तै काम सिकियो गाउ“लेलाई पनि सिकाउने रहर लाग्यो,' उनले भने । सदरमुकामदेखि यातायात र सूचनाका लागि समेत निकै पछाडि परेको गाउ“मा स्थानीय व्यक्तिले नया“ प्रविधि सिकाउने कक्षा खोलेपछि जान्ने र सिक्ने रहर भएकास“गै रमाइलोका लागि पनि धेरै जना आउने गरेका छन् । काफ्लेका अनुसार

Prashant Tamang -A Nepalese in Indian Idol 3

CONGRATULATION !!!! PRASHANT FOR BEING INDIAN IDOL Here in US, we don't have Sony channel, may be there is but the region where i am, we don't have. Whatever ... am glad to hear that PRASHANT became an INDIAN IDOL. Update(Sept,12 2007): Prashant Tamang in Boudha Prashant Tamang is becoming sensation day by day as the final decisive day is approaching nearer and nearer. For his support, lots of people are convincing people to vote for him. People are relating his victory with nation's pride which i don't like. Besides, the communal attachment for him is growing day by day. It's only we mongolian face supporting him in Nepal. Like in Dharan and other different place of our country,people has put his banners, posters showing support for him. Yesterday, it was no moon day and i was lighting butterlamps in front of BoudhaNath stupa and suddenly i saw, there is huge banner of Prashant Tamang. Tamangs of Boudha has done this admiration for him. Normally, we see portrays

Do you have a Blogger(blogspot) Blog and do you know Google is deleting blogger blogs??

As usual, I was checking backlink tool to find some of the friends link (who has linked backed to me before) if they still have my link backlinked to me or not. Well, some of them didn't link back to me. I checked their site and the message I got upon visiting their blogspot(blogger) blog was something like "this blog has been deleted." As I was visiting some of the other blogspot blog, I found few of them got deleted too. I thought, may be they got over blogging. Recently more and more blogspot(blogger) blogs are unavailable or being deleted. Now, these things forced me to think why those blogs are being deleted. I usually check official google blog for any kind of stuff they are upto. Their blog was shut down too(it's some days before), they are online now though. But, it's quite eerie because this very blog of mine is hosted on blogger's server too. I don't know what happened to their official blog but it's confirmed news they are deleting blogs. M