Posts Tagged ‘phishing’

Tabjacking – Phishing with a New Spin

Friday, July 23rd, 2010

I think everyone knows what a phishing site is. For those of you who don’t, it’s when a deviant character creates a website that looks exactly like a website you may have a login for. When you try to log in using your information, what you are really doing is giving the bad guys your login information.

Many people out there can spot a phishing site primarily due to the URL, which will not be correct. A new phishing strategy has popped up and I thought you all should know about it. It’s called Tabjacking, and it works something like this. You click a link and a page loads, perhaps showing you what you expected to see. Then, when you switch to a different tab, the page loads a phishing site, for example Gmail. You may return to the tab, forgetting what was there, think to yourself “why is Gmail logged out?” and log back in.

I have so many tabs open all the time that I would for sure forget what I had loaded and might even fall for this trick. You don’t think to check the URL when you have already loaded the tab and that’s the problem. This trick only works in Firefox as far as I know, but I’m sure there are ways to get it working in other browsers as well.

What to look for!

Always check the URL, when logging into anything, to ensure it’s the right website. If you need some instruction on how to spot a phishing site visit my other post on the issue.

Use password tools to protect yourself from phishing sites. I use LastPass to store all my passwords. It automatically fills in my passwords. So if I were to visit a phishing site it wouldn’t fill in the passwords because it knows what the real website’s URL is supposed to be.

Keep your eyes open for this kind of thing. You don’t want a phishing site to lead to identity theft or access to your bank account. Some of the favorite sites for thieves to duplicate include banking websites, social sites, and email. Don’t be a victim; know what to look for.

Don’t be Fooled by Phishing Sites! How to spot a phishing website!

Friday, February 26th, 2010

Phishing websites are a big problem on the internet. Deviant individuals make a website that looks just like the login to Twitter, Facebook, Myspace, banking websites, and others. The victim thinks they are logging into their account on the given site, but really they are sending their username and password to the criminals.

Lucky for you, there is an easy way to spot a phishing website, and that lies in the URL of the website. Whenever you are asked to log in to a website, especially if you clicked a link and were asked to log in, take a look at the URL of the website. Whatever comes before the .com, .net, .org or whatever is the actual site you are visiting. If you go to a site like the one in the image above, the website you are visiting is secure-login01.com, and the subdomains, which can be anything, are videos and twitter. They try to make you think you’re logging into Twitter by making a subdomain called twitter on their website secure-login01.com. Don’t fall for it! There can be only one twitter.com, so unless the URL has twitter.com at the end it’s not the real site.
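The URL check described above, which is also the comparison a password manager depends on before it fills in a saved password (mentioned in the Tabjacking post), written out as an added JavaScript example that is not from the original post. The suffix list and sample URLs are constructed for illustration and `registrableDomain` and `checkLogin` are hypothetical names; real software uses the full Public Suffix List instead of a short sample.

```javascript
// Small constructed sample of public suffixes; production code should load
// the complete Public Suffix List instead.
const SUFFIXES = new Set(["com", "net", "org", "co.uk", "com.au"]);

// Return the registrable domain (one label plus its public suffix) of a URL,
// or null when it cannot be determined.
function registrableDomain(rawUrl) {
  let host;
  try {
    host = new URL(rawUrl).hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return null; // not a parseable absolute URL
  }
  const labels = host.split(".");
  // Walk from the longest candidate suffix to the shortest so that
  // "co.uk" is matched before a bare "uk" ever could be.
  for (let i = 1; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(i - 1).join(".");
    }
  }
  return null; // IP address, single label, or suffix missing from the sample
}

// Decide whether a page really belongs to the site the user expects.
// Subdomains of the expected site pass; the expected name appearing only
// as a subdomain of some other site does not.
function checkLogin(expectedDomain, pageUrl) {
  const actual = registrableDomain(pageUrl);
  const match = actual !== null && actual === expectedDomain.toLowerCase();
  return { actual, match };
}

// Constructed sample URLs modelled on the subdomain trick described above.
const samples = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session/new",
  "http://twitter.videos.secure-login01.com/login",
];
for (const url of samples) {
  const { actual, match } = checkLogin("twitter.com", url);
  console.log(`${match ? "OK     " : "REFUSE "} ${url} -> ${actual}`);
}
```

Only the first two sample URLs are accepted for twitter.com; the third resolves to secure-login01.com, so a saved Twitter password would not be offered there.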

Criminals use these sites that look just like the real login to steal your username and passwords, which could be used to get into other accounts including your bank account. Many people who are ill-informed will use the same password for several or all of the websites they log in to. This is a bad idea because now they have your password to all your accounts and only need to discover your username, which also might be the same as your already stolen username.

So remember to look at the URL of a website that you are about to log in to. It takes just a few seconds to confirm the URL is correct and could save you a lot of heartache in the long run. If you have a doubt that the URL is correct, leave the site and type it in manually or follow your bookmark that you know points to the real site.

CDC H1N1 Phishing Identity Theft Scam

Friday, December 4th, 2009

Phishing scams are one of the easiest ways to get personal information from people. If you can’t steal information from the public, trick them into giving it to you. Phishing scams are websites that pose as a legitimate company or organization and request personal information from you. They typically prey on people’s fear of hackers and password security to motivate their victims to visit the fraudulent website and enter their information.

H1N1 and the CDC are no exception. A phishing email and website have gone viral and reached a lot of people, telling them they need to fill out a Personal H1N1 Vaccination Profile. The website asks for personal information as well as health information. The site also has links on it that install viruses on your computer, which might also be what is spreading the emails around.

The best way to prevent phishing attacks is to be skeptical of links in emails and be aware of the URL you visit when going to a website. You can do a simple search for the organization, such as the CDC, to find its real URL. This is a good way of checking whether a website is real. Having said that, never give out personal information on a website unless you know for certain it’s a legitimate business or organization that is going to protect it.