Orkut, Targeted Phishing Gaining popularity

Orkut is now the playground for all kind of ammeter hackers. The main reason for this is huge number of lo fi users and relatively low control measures by orkut. What do I mean by lo fi users, these are new users with minimum knowledge of even common hacking methods.

Now the new kinds of attacks are targeted one's, that is for a purpose . The commonly targeted users are either community owners of large communities , people with a huge friend list. People owning many active communities etc. The usual attacks are all common Phish attacks, that too age old one's.
Why are these users targeted? The answer is simple to get hold of the capacity to communicate directly with their friends list or community member's lists. These are usually advertisers trying to make direct communication channels with users. Some do it just for the sake of it.

What ever the hackers porpoise following some common tips will keep you safe from loosing your password:-

  • Always check the URL for authenticity, it should be www.orkut.com/ after the '/' it can have other stuff but the after http:// it should always be www.orkut.com/ only after this should anything else come. Do not log in if it is any thing else. The hacker will get your user name and password if you try to log in.

  • Google staff will never scrap or send you a mail, that too never from a Gmail account. They all have official @google.com email id or @googlemail.com id's so never give your password or anything to any one claiming to be Google staff on orkut.
  • Never give your password to other like friends or family because they might loose it out of the chance of such attacks working increase many times as the number of people using the same account increase because simply that there is more chance that one of them might mistakenly fall pray.
  • Keep your self up to date to the scams going around.
  • There are many legitimate tools that third parties have developed, but some hackers phish out on this. But most of these tools are not incorporating phish prevention techniques so try to keep updated on those. The most common technique to prevent phish attack for a site developer is to add a dynamic image, watch out for those and as i saide before watch out for the address if the tools name is say orkut cute or Smex then it will always be a similar domain in the url and never a free page URL like googlepages.com or some thing like something.something.com. Another thing you could do is ask your friends about the tool if they are using it and to get the URL from them for the tool that they are using.
  • We will be posting phish url and other informative article here, keep update on those.
  • Read about phish attack.


No comments: