Posted by: Ken Harthun
Banking Fraud, Hacking, Phishing, Security, Skype
It seems that phishing attempts just keep increasing. Yesterday, more of my friends on Skype were sent this link: http://miw.host.sk/www.skype.com/?id=79826&lc=us along with the usual broken-English message, “hi how are you, i send to you link please sign in ok.” Recall my posts on the Skype phishing/hacking last month, which you should read and apply first:
The first thing you have to learn here is to NEVER CLICK on any links sent to you in email, chats, Skype, whatever until and unless you have verified their source and authenticity. The link above is obviously fake to those of us in the know, but to a normal user, it looks like it came from Skype.
The second thing you have to learn is how to recognize these bogus links. The casual observer will see www.skype.com in what looks like the right place. It would be the right place, except for the single slash in front of it. The web server treats anything after that “/” as a directory. What you have here is the real URL, http://miw.host.sk, pointing to a directory called www.skype.com, which contains a fake Skype login page. You can ignore the /?id=79826&lc=us. It doesn’t matter to anyone but the hacker. If you fall for this ruse, they get your password. This is typical of most phishing attempts.
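The same check can be automated. The following is an added example, not part of the original post: it extracts the host a browser would really connect to and flags a trusted name that appears anywhere else in the link. It goes one step beyond the post by also catching the trusted name used as a leading label of another host. The `TRUSTED_DOMAINS` set, the function names and every sample URL other than the one quoted above are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the sites the user actually signs in to.
TRUSTED_DOMAINS = {"skype.com", "paypal.com"}


def real_host(url):
    """Return the host the browser connects to (text between '//' and the first '/')."""
    host = urlsplit(url).hostname  # already lower-cased, port stripped
    return (host or "").rstrip(".")


def host_is_trusted(host):
    """True only if host is a trusted domain or a genuine subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(url):
    """Classify a link as 'ok', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = real_host(url)
    if host_is_trusted(host):
        return {"host": host, "decoys": [], "verdict": "ok"}
    # The host is not trusted, so any trusted name found in the host labels,
    # path or query is only there to fool the reader.
    haystack = " ".join([parts.netloc, parts.path, parts.query]).lower()
    decoys = sorted(d for d in TRUSTED_DOMAINS if d in haystack)
    verdict = "suspicious" if decoys else "unknown"
    return {"host": host, "decoys": decoys, "verdict": verdict}


if __name__ == "__main__":
    samples = [
        "http://miw.host.sk/www.skype.com/?id=79826&lc=us",  # link quoted in the post
        "https://www.skype.com/en/",                         # constructed: genuine host
        "http://www.skype.com.example.net/login",            # constructed: name as host label
        "http://example.org/news",                           # constructed: unrelated site
    ]
    for url in samples:
        result = check_link(url)
        print(f"{result['verdict']:<10} host={result['host']:<28} {url}")
```

A verdict of "unknown" means only that no trusted name was being imitated, not that the link is safe.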
The third thing you have to learn is that you absolutely MUST NOT use the same password for everything. If the hacker gets your password and is able to find out where you bank or find other sites that you log into, they will try that password out. In fact, the first place they are going to go is your PayPal account and heaven forbid if they know your PayPal email address!
You have two tools at your disposal to help combat this menace: OpenDNS and their excellent service, PhishTank. (I’ll do a separate post on PhishTank next week.) OpenDNS Basic is a free service that gives you all this:
- Reliable DNS Infrastructure
- Web Content Filtering
- Phishing Protection
- Basic Customization
- Typo Correction
Head on over there, sign up for the free account and learn how to set it up on your system. Once you have it set up, you’ll get a message like this if you try to visit a phishing site:
This is actually working with PhishTank to determine whether it’s a known phishing site. I’ll tell you how to join the community and help report phishing sites in a future post. Also, look for a video or two on how to configure OpenDNS and how to recover a hacked Skype account.