NotreVie.ca » scam

Tentative d’hameçonnage en message privé Twitter

Mon, 17 Oct 2011 17:55:37 +0000

Je viens de recevoir un message privé d’une des personnes que je suis sur Twitter. Le message va comme suit :

Hey theres a bad blog going around about you, seen it yet? http://bif.me/e26Zqe

Cette personne écrit généralement en français, donc déjà une lumière rouge s’est allumée dans ma tête. Puis j’ai fait une recherche Google pour les mots « bad blog going around » et le premier résultat a confirmé ce que je pensais. C’est bel et bien une tentation de « phishing » ou, pour les amoureux de la langue française, une tentation d’hameçonnage.

Si vous cliquez sur le lien, vous serez dirigé sur une page qui semble être la page de connexion de Twitter. Mais portez attention à la barre d’adresse. Vous n’êtes pas sur le site twitter.com, mais bien sur twittelr.com. Donc si vous faites avoir et que vous entrez vos nom d’utilisateur et mot de passe, vous donnerez ainsi aux créateurs de cette page votre accès Twitter. Ils pourront ainsi entrer dans votre compte et envoyer le même message privé aux gens qui vous suivent, et ainsi, faire d’autres victimes. Sans compter le fait qu’ils pourront évidement « tweeter » tout ce qu’ils veulent sur votre compte et changer votre mot de passe pour que vous ne puissiez plus vous connecter. Un léger emmerdement, vous en conviendrez…

Si vous vous êtes fait avoir, suivez ces instructions pour changer votre mot de passe ou récupérer l’accès à votre compte

Ce genre de « scam » est de plus en plus répandu sur le net aujourd’hui. Il faut donc être très vigilant lorsque vous entrez vos noms d’utilisateur et mot de passe. Assurez-vous de toujours vérifier que vous êtes bel et bien sur le site où vous croyez être. Un simple coup d’oeil dans la barre d’adresse vous le confirmera.

Mon nom est Marc-André Lanciault, et je suis un père, un mari, et un entrepreneur. Je dirige Karelab, et nous aidons les entreprises à augmenter l'engagement et la reconnaissance de leurs employés. NotreVie.ca est mon blogue personnel, où je parle de mes passions: la business, le leadership, la famille, le bonheur et la techno.

]]>

Facebook app tries to steal your login credentials

Tue, 18 Jan 2011 19:53:01 +0000

I received another beautiful phishing scam today. I’m used to receive those from fake Paypal emails, from fake Facebook emails or from a fake bank, but this was actually the first time I saw one within Facebook itself. Giving that Facebook now has more then 600 million users, and that the site itself is incredibly viral, those kind of fraud could be amazingly successful. This is why I think we need to talk about it as much as possible so we can educate as many people as we can.

So here is what happened. I received a notification from Facebook that someone had posted a message on my wall. A legitimate email. Someone did really post on my wall. Then a few seconds later, I received the very same email. In less then a few seconds, the very same person posted on my wall, the exact same message. This is the first sign that should tell you something is wrong. Another interesting fact, was that this person does not post on my wall very often. Second sign.

So I went to my Facebook wall, and here they were: the 2 identical messages:

Now, let’s look more closely at those messages. First, they look spammy: a generic message trying to make you curious, and insinuating that there would be photos of you in a weird situation. Of course, anyone would want to know!

Then, let’s look at the link. First, just under the link, we can see that it is a Facebook app: we can see app.facebook.com. Putting my mouse over the link « Check your video out… » I can see in the status bar of my browser (bottom left) that it points to apps.facebook.com/crazynessright. So the name of the app is « crazynessright ». I took 3 seconds to google it. Nothing found. This is the third warning sign: if you develop a Facebook app, you will promote it on the web. If I cannot find any reference to a Facebook app on Google, then something is wrong.

But let’s click on the link anyway, just to see :-). When you do this, you are brought to the usual permissions window where you would have to give the application some permissions. But the interesting thing is, that window only stays there for a second and then you are redirected to the masterpiece of this scam: the phishing page:

This page looks exactly like a typical Facebook login page with the exception of one error. It’s funny how these guys are never able to get it perfectly right ;-). Look at the bottom left. It says « Facebook © 2010″. We are in 2011 folks, and on the real Facebook, it says 2011 ;-).

But the real way to easily find out that this is a scam: look at the adress bar. ALWAYS look at the address bar. If you are on the real Facebook site, the domain name will be facebook.com. If it’s a scam, it will NEVER be on facebook.com. And what do we have now ? j48aj22la.com. Nice domain name, wouldn’t you say ?

When you see this, close the window, and get back on the real Facebook site :-).

Now, what are they trying to achieve ?

Very good question. You see, most people, when they see a login screen looking like a site they know, they will intuitively enter their username and password. And of course, since it’s a scam, it gives to the criminal minds who developed this fraud, your Facebook username and password. And with this, they can do anything they want. They can send private message to your friends, they can change your profile, and of course, they can post on all your friends’ walls and try to get more victims…

What do I do if I did give them my username and password ?

Another excellent question. First of all, you should NOT do it again :-). Then, click on this link: http://www.facebook.com/hacked and follow the instructions. This will secure your account and ensure the hackers can do nothing more with your account.

Hope it helps someone! Please share your comments below if you have any. Thanks!

]]>

Another fake Paypal email

Tue, 21 Dec 2010 19:57:47 +0000

I was surprised this morning to see in my inbox, a receipt for a payment I made with Paypal. I have a few subscriptions setup so it’s normal that I receive those every month. But the title of the email said: Receipt for Your Payment to Plimus Ltd. Primus ? What is this ? I opened the mail and it really looked like a legitimate email from Paypal. It got the Transaction ID, the Order #, everything was telling me that this was a real transaction.

But I really did not remember any purchase at Plimus… So I looked at the email a little more carefully. Then I saw some interesting things :-). First, the From address was [email protected]. This is not a paypal.com address. First strike. Then, in the middle of the email, there was a CANCEL TRANSACTION! link. Paypal email never display this kind of link. Strike two. Finally, hovering the mouse over this CANCEL TRANSACTION link, we can see on the botton left of the screen that this link actually points to ns.lancaster.com. Not a Paypal domain. Strike 3, you’re out! See screenshot below.

You see, it was not very hard to discover the scam, but we need to be careful and never assume that an email sent from a financial institution is real, until proven otherwise.

]]>