LifeLock Blog

Phishing websites are big problem on the internet. Deviant individuals make a website that looks just like the login to Twitter, Facebook, Myspace, banking websites, and others. The victim thinks they are logging into their account on the given site but really they are sending their username and password to   the criminals.

Lucky for you there is a easy way to spot a phishing website, and that lies in the URL of the website. Whenever you are asked to login to a website, especially if you clicked a link and was asked to login, take a look at the URL of the website. Whatever comes before the .com, .net, .org or whatever is the actual site you are visiting. If you go to a site like the one in the image above the website you are visiting is secure-login01.com and the subdomains, which can be anything, is videos and twitter. They try to make you think you’re logging into twitter by making a subdomain called twitter on their website  secure-login01.com. Don’t fall for it! There can be only one twitter.com so unless the url was twitter.com at the end it’s not the real site.

Criminals use these sites that look just like the real login to steal your username and passwords that could be used to get into other accounts including your bank account. Many people who are ill-informed will use the same password for several or all websites they login to. This is a bad idea because now they have your password to all your accounts and only need to discover your username which also might be the same as your already stolen username.

So remember to look at the URL of a website that you are about to login to. It takes just a few seconds to confirm the URL is correct and could save you a lot of heartache in the long run. If you have a doubt  that the Url is correct leave the site and type it in manually or follow your bookmark that you know points to the real site.

A hacker let himself in through an unlocked virtual door at RockYou Inc and walked off with more than 32.6 million login names and passwords for users of Facebook, MySpace, Friendster and other social networking sites.

The login information was unencrypted and virtually unprotected, and, according to ComputerWorld, the users’ names were the same as those of the users’ Gmail, Yahoo, Hotmail or other web mail accounts. Though few people include Social Security or financial accounts information on their social media sites, any of that information in users’ web mail accounts could be accessed with accessed information.

RockYou says more than 130 million unique users take advantage of their tools for social media sites every month, including applications and services for greeting cards, horoscopes, games, emoticons and photo uploads and slideshows.

A segment of the database was posted on the hacker’s website along with his claim that he accessed 32,603,388 accounts, including their unencrypted, plain-text passwords. He warned RockYou, “Don’t lie to your customers, or i (sic) will publish everything.”

The data breach was discovered after database security firm, Imperva Inc, warned RockYou that hackers were using a serious error in their system to access to RockYou’s massive user database. At least another day passed before RockYou brought down the site, according to Imperva. RockYou said in a statement they immediate brought down the site and addressed the problem.

More than 285 million records were compromised in data breaches last year, and more than 50% of all breaches required little or no technical skill, according to the Verizon Business 2009 Data Breach Investigations Report. The investigators also reported that 83% of all data breaches could have been prevented last year if the victims had employed simple, inexpensive controls.