Don’t Click The Link: Part One

Don’t Click The Link.

My wife has become more ‘Tech Savvy’ and no longer randomly clicks links. This is also a trait she has thankfully passed on to her family. The result is that every now and again I get something sent to me to have a look at.

Any links displayed in this post were / are malicious. Visiting the sites on your own may infect your computer.

This is not designed to be a technical post, more of an ‘I do this so you don’t have to.’ I have a full packet capture of the session and a closer look at the hosting infrastructure, so if anyone wants this information let me know.

This is the message I received. There are quite a few telltale signs that this isn’t really a message from The Facebook Team™!!!

There are some technologies that are designed to help you detect bad sites. I use McAfee SiteAdvisor. As you can see from the green tick, McAfee think this site is OK. Let this serve as a warning: blind trust on the internet is never a good thing. Unless you heard it from me :).

If you were to click on the link, you are led through a series of pages pretending to be Facebook and asking you to enter details designed to relieve you of your accounts, your cash and even your entire identity if the bad guys are that serious.

This video shows you the level of detail the bad guys apply to their fake sites in an effort to trick you.

[youtube id="2Pe8hQYQwbY"]

Recognize a Fake Site.

Despite the effort the bad guys seem to put into this, I have yet to see a perfect example. Here are a few tips you can use to spot them.

  • Look at the URL. If it doesn’t match the name of the site you expect to be on, then you’re probably not on the right site.
  • Consider what information is being asked. Does Facebook really need your email password?
  • Look at the grammar used. Most of the sites are translated from other languages which makes for some interesting sentences.
  • When entering sensitive information into a site, look for the HTTPS:// and the padlock.
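
The URL and HTTPS tips above can be turned into a mechanical check. This is an added example, not part of the original post: the function name `check_link` and every URL in `SAMPLES` are constructed for illustration and are not the links from the message shown here.

```python
from urllib.parse import urlsplit

# Constructed sample links (not the URLs from the message in this post).
SAMPLES = [
    "https://www.facebook.com/settings",
    "http://facebook.com.account-check.example/login.php",
    "https://facebook.com@login.example.net/verify",
    "https://xn--fcebook-2fg.example/",
]


def check_link(url, expected_domain):
    """Return a list of warnings for url, given the site the message claims to be from."""
    warnings = []
    parts = urlsplit(url)
    # urlsplit lowercases the hostname; also drop a trailing root dot.
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower()

    if parts.scheme != "https":
        warnings.append("not HTTPS")
    # Anything before '@' is a username, not the site being visited.
    if parts.username is not None:
        warnings.append("text before '@' is not the real host")
    # The real site is the END of the hostname. The brand name appearing
    # at the start or in the path proves nothing.
    if host != expected and not host.endswith("." + expected):
        warnings.append("host %r is not %s" % (host, expected))
    # Punycode labels can be displayed as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label in host")
    return warnings


if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "facebook.com") or "no warnings")
```

An empty list only means the scheme and hostname match the expected site; the other tips in the list still apply.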

If, after all this, you’re still tricked into entering some details, all is not lost. The quicker you act, the sooner you can prevent any major catastrophe.

In no particular order.

  • Change any passwords that you entered. If you’re locked out of the account, contact the site help desk for assistance. Most social networking sites have a section devoted to ‘Hacked’ accounts.
  • Check additional sites and accounts. With access to your email account, the bad guys could reset your Amazon / PayPal / eBay.
  • Contact your bank or CC provider and inform them that your card numbers are likely compromised.

This spam message leveraged social engineering techniques to convince you to voluntarily hand over sensitive information. In the next post I’ll show some examples where the bad guys are not reliant on you providing the information.

They take them by force.

As usual, questions, queries, comments below.

Any links displayed in this post were / are malicious. Visiting the sites on your own may infect your computer.