Google Analytics

Saturday, February 25, 2012

Banjo on ... Security and Spoofing

People on the Internet that are out to take advantage of you look for any way possible to do so.  I'm going to show you one of their favorite scams.  This is already well documented, so I'm not showing the crooks anything new.

One trick is to show you a web link to your bank, then tell you to use that link to log into your account.  The link will look just like a valid link to your bank.  But it's wolf in sheep's clothing - it only looks like you are going to your bank - instead, it's sending you to the crook's site, where the crook presents you with a fake login screen that looks just like your banks login screen!

I'm going to show you an example, using a well known site - CNN's web site.  I'm going to show yo a link that says it's going to take you to CNN's web site, but instead, I'm going to send you to The Drudge Report.  I'm going to open both of these web pages in a new window.

Here's the real link.  It's actually going to open a window to CNN's web site.  http://www.cnn.com

Here's the fake link.  It's showing that it's taking you to CNN's site, but it's taking you to Drudge:  http://www.cnn.com

Here's another fake example.  Click here to go to CNN's Trusted Web Site.  Didn't take you there did it?  Or how about this fake link, Click here to go to YOUR Trusted Bank Site (of course, it would look like your actual bank).

Notice what I did here.  I gave you a convenience link to a site you want to go to, but I've spoofed you into actually going somewhere else.  It certainly looked like you were going to be taken to CNN's web site, didn't it?  And once you get to that site I want you to go to, you can easily be taken advantage of.

Get the way they are taking advantage of you?  They are showing you one thing, making you think you are going to your desired site, but they are taking you somewhere they want you to go, and are presenting you with fake logins to capture your private information.

So, don't go to a supposed link to your bank via an email sent to you.  If you feel the need to go to your bank, or somewhere else that a crook would love to have your account information to, then use your own independent method for getting to your bank!


Remember this rule:  never use a convenience link supplied to you in an email that is taking you somewhere involved with your money or valuables.  If you are going to somewhere you keep your valuables, then use your own unique method for getting there!


No comments:

Post a Comment