[Moderator Warning] READ THIS NOW

Thanks for the heads up Paul. These blokes really horke me off. But good advice no matter what.
thanks,
--Jack

ps its the 1st Friday of the month and the 2600 club is meeting in Raleigh - you want me to ask for a favor against these morons ;-)

Thanks Paul for the warning.


I saw that, and wondered what was up with the strange link.


Jim

I can't believe I didn't catch that. Got to change me pw ASAP.

Luckily I do not use the same pw for forums and Paypal and/or banking accounts.

Thanks for the heads up.

Thanks for the information.

God! Why do people have to be Ass holes!!!

Sorry!

Thanks Paul.

In moments like this I really feel sorry that I've lost the contact with my former Chechen bodyguards... We could send them around with a Kalashnikov to hunt down those guys

Thanks for the heads up!

Thanks for the alert.

Always look for the link,by placing your mouse over.Rather than just click on any link.

Thanks for the warning. This will make all members more vigilant. Warriors are here to fight back any attempt to damage or destroy this valuable forum.

GANESH

Hi

Thanks for the warning, changing all my passwords now...

Like someone said earlier the ******** know its easy money if they can get your account details and then use it in to something else.


Thanks again.

Thanks for the alert!

Now I'm getting this message when opening that website:

403 Forbidden!

The address you have entered is not open to the public

Thanks for the headsup Paul.

But... it's 2011 folks. Buy a copy of RoBoform and use common sense while loggin in to daily websites.

Heck! If you don't, I'll write a WSO for it.

Appreciate the heads up

I always use different usernames and passwords - it's why I would die without Roboform

Thanks for looking out Paul.

Hi Paul,
Check my IP and you will know who I am.

If you would like me to send a few friends their way just send me some info and say the word.

HAGD

~GR~

Thanks Paul for the warning.

Question: Paul I have been logging into my yahoo account lately and reading emails, then I come back and log in later and they still look un opened, you have any idea what that could be?

In 5 years its never been the case but ALWAYS is now.

Thanks so much for the heads up on this. I will be extra vigilant about forum logins.

John,

Nope. Gotta ask Yahoo about that one.


Paul

Thanks for warning us, Paul!

Thanks for the heads up!

I use to be very cautious, but sometimes we are in a hurry and may commit mistakes!

Report them to Godaddy?

http://www.betterwhois.com/bwhois.cgi?verification=5797&domain=zzl.org&submit btn=Continue

One more thing...this is IMPORTANT!



If someone decides to really screw with you...they could modify your "hosts" file.

I'll assume you don't know what this is, since 99% of folks fall into that category. If you do, pat yourself on the back and read on anyway.

Whenever you type in a website address, your operating system (Windows, Mac, Linux) ALWAYS tries to find the IP address in its local "hosts" file first.

Always.

Your "hosts" is a simple text file, mapping IP addresses to domain names...

See here for your OS

Normally your "hosts" file is pretty empty.

Normally it's so empty you'll never see it.

Normally it's so empty your OS will never use it.

Normally it's so empty your browser has to give up and ask elsewhere...(it basically asks the internet root servers where to find stuff instead).

Now...here comes the ****IMPORTANT NEWS****

If someone has tampered with your "hosts" file:

1) it doesn't matter whether you personally typed the URL, and
2) it doesn't matter whether you have a so-called "safe" bookmark either.

(...and let's face it...do you *really* read the system notification popups every time you install something? Me neither...)

Because if someone has tampered with your hosts file, and added an entry for PayPal.com ...and added an IP address which *sends you to their cloned version of PayPal.com*, it's unlikely you'll ever realize.

Why?

'Cuz you typed it in yourself, that's why! Must be safe, right?

Wrong...

Never underestimate the power of the bad guys. They're (unfortunately) often two steps ahead of the good'uns, and twice as smart.

Cheers,
Steve

Thanks Paul for the heads-up.

Cheers,
Lester

thanks paul. it kind of disturbs me how often people fall for this crap.

That's pretty unsettling. It's a good idea to be reminded now and again of just how important it is to be safe, and especially since it's only too easy to get lost in the routine of casual online browsing.

Thanks for the heads up!

Sad what some will do these days...

Oh crap! That's scary! Good reminder to myself that you can never be too careful, especially online...

Yo! Good lookin Paul! I will watch out for this @$$HOLE

wow, it never ceases to amaze me what people will do just to be mean or hurt others.

I guess I am going to be changing my password here right now and some other places.

Thanks,
Kim

That was a nice catch Guujji Boy and Rod Cortez.

I clicked on the link and at first thought it was just a spammer that had screwed up his link. Clicked off almost immediately, I didn't have an interest in the product, but we get a lot of spammers in the OT. I always want to see what the 'angle' is.

Lesson learned and point taken.

Missed that one. So again, good vigilance, you guy's probably saved some people some serious headaches.


Good on ya...as the Aussies say

Oh that's awful. Thank you for the warning.

Thanks for the tip man,

Its sad that people have to resort to being scammers to try and earn a living online rather than just putting in the hard work to do it right and make an honest living eh?

But to further your point, thats why you should ALWAYS check the url your visiting for legitimacy before ya put in any credentials...

I think with teh economy struggling you will see more of this.

People just after a quick buck and not bothered to build a real business.

Pretty sad really ey?

Thanks for the warning - time to start thinking before randomly clicking

Thanks for informing us wow some ppl are just low low low

Thanks for that heads up Paul!!

Thanks Paul, that was close.. whew!

Scumbag is the proper term... thanks for the heads up. I am sure it will come back to bite him/her somehow.

Yeah, I saw a number of people a couple of years ago fall into the trap Paul alludes to. I ended up changing EVEN similar group passwords. I have ALWAYS split up password bases based on the area. So my paypal password is VERY different from my warrior password, and my bank one is also pretty different. Alas, today I have HUNDREDS of accounts that I keep in keepass. Again though, it is encrypted with a higher level password.

And this is a GREAT reason to be VERY careful with the URLs. Ironic! Just last wednesday I was telling some coworkers how random password entry at the customer we are at is impossible, because by the 3rd try, you are locked out. I told them of a guy that I knew that did a similar trick to this to get user names and passwords, without trial and error. He eventually disabled the university's computer department, and was BANNED from the campus.

Steve

that's just horrible, as a new member, its good i came across this.

This is pretty important, I agree...as one who had two of their email accounts broken into in early May, I can tell you it was a big mess. ...

they did what Paul says, btw, they set up a redirect on my acct and I did not even know why I was not getting mail. ...lucky that I had very different acct passwords for the valuable places like banks and PP, etc. I take this very seriously.
_____
Bruce

Thanks paul. These people never get success.

Thanks for the heads up, Paul. I hope just hope they were caught in time and nobody had their account compromised.

Why don't these guys just build a real, honest business of their own!

Thanks for informing us about this latest phishing caper, Paul. There have been a lot of these going around, and one also has to watch out for phishing sites that are set up to be identical clones of popular sites like Paypal and Craigslist - those are usually a bit easier to spot though, because what you typically will receive is an official-sounding email urging you to log into your account right away for some reason or another, and this is already pretty much a red flag in itself.

Paul

Thanks Paul for the warning.

Thanks for the Info.

I always take good care about the login/IDs that are associated with my financial bank account or credit card. Never once use them with the same password as what I use on forum.

I keep a list of my password on a file, but encrypted them so I'm the only one able to read and know what's the real password for each of my ID.

Wow!

So Phishermen have finally decided to target Warriors!

Thanks for the note Paul!

Thanks for the heads up... pretty scary stuff, and like a lot of people have said I think you just instinctively trust the WF and 'click'.

Timely advice for us all.

Thi definitely sucks. seriously, they can make more money if they stop hacking accounts and learn to create win win situation in business.

Thanks for informing us Paul! I can tell from my own experience that we should all pick different passwords for our www accounts!

Thank you for the Heads up. What is wrong with People today ?? Oh Yeah ~ Greed

thanks for the heads up Gujju Boy

Hi, I think I may be confused here. I signed up as a free member last night. I posted some replies, especially in the Motivational section, and Nothing I wrote is there. I put a lot of time into my profile last night as I thought this would be a nice social networking site. So, am I supposed to pay something for my posts to show or to participate in the forums ? I am confused a bit, I usually just stay mainly on Facebook.
Thank you in advance

Thank you for this!

Big thanks for the heads up. People will do anything to steal.

thats ridiculous how low people go to make a buck online.

Thank you for making this public Paul in case that worm decides to try it again (they will probably will too).

The irony in all this is that the person who went through all that trouble to get a domain name and then make a copy of the Warrior Forum account log in page could have spent that time to put up a 3 to 5 page niche website with some affiliate links and adsense and probably make a few bucks. And with those few bucks could have bought some gourmet coffee.

RoD

Thanks for the warning

It's unfortunate but the larger a forum the more phishers and their like figure out ways to exploit it

Thanks for the heads up. I will be checking the URL more often now, don't want to get scammed.

Hi paul.

Thanks for your warning.

Thank You Paul for the warning!

Thanks for the warning.

Why not get on the SSL bandwagon, at least people will feel like they are at the right forum,

Wow, lots to think about to try and secure our web activities...

There is so much of this crap out there, and you are right, Paul, they do it for many reasons but greed tends to be a big one.

Thanks for the warning.

great catch, thanks!

Wow, that is scary that someone would want to do that. Thanks for the heads up!

WOW! Thnks for bringing that to our attention.

Great idea to write protect the hosts file. I forgot about that one!

Awesome share, Paul.

Somebody mentioned RoboForm a few posts ago. If you want a free / open source password manager, KeePass is a decent one. Just make sure that you use a strong master password, regardless of the password manager being used (at least 15 characters, upper case, lower case, numbers, and special characters). I also recommend that you write it down, put it in your wallet, and treat it like a wad of $100 bills (you don't want to forget that password!).

Use the random password generator feature of these products and change your passwords frequently (I recommend every 3 months or so). And as many have already pointed out, NEVER use the same password for more than one site.

I have to look through my stuff; I'm pretty sure I have a report "somewhere" on good password security... If I find it, I'll be happy to share it.

Thanks for the heads up!

Thanks for the heads up!!! I didnt notice until i read your post!!!

Paul,
Thanks for the warning. I try to always make an effort to double check addresses before I log in anywhere. Usually by doing exactly what you said and physically typing in the web address.

Hmmm,

I'd love to read the warning.

Where can I find it?

Thanks for the heads up

Thanks for this Paul

Pretty scary stuff. I think the warning should be repeated as often as possible in WF.

Thank again

Thanks alot Paul that warning I'll be on an extra look out!!!
The Son

oh wow, yeah good looking out man. You really have to be careful clicking certain links because people will even make links like yahoo.com but in the HTML code they change the link to google.com. Obviously with links that have a bigger meaning to personal information though.

Thanks for the warning, can't believe people would try to phish accounts on this forum.

Thank Paul

Regards

Mark

I am assuming the post is removed...

Thanks for the heads up Paul - unfortunately the internet will never see an end to these kind of scumbags!

I remember back when I was 11 years old and playing the online games site Neopets! Even in those days and on that website the EXACT same trick was being used by people to get passwords for a flippin fun and games site - ofcourse when being used on warrior's there is alot more at stake than some pretend money and highscores.

IMHO - It would be an excellent idea to make a special short report outlining these basic scams: phishing, stuffing, poxy images etc and compile it for Warrior's to read through free to educate them and give them a chance to avoid these scumbags money-robbing tactics.

Just so that people do know - if you see any unethical behaviour online then report the criminal to 1) www (dot) ic3 (dot) gov 2) The persons own web hosting service provider. 3) The forum admin at the forum they are using.

AJ.

A big thanks for the warning. It would be so easy to miss something like this. I have to get out of the mindset that because I would never dream of scamming anyone then I will never be scammed myself.

Hope Karma really works.

Woah, hope no one got their login details snatched.

Thanks for the warning !

Thanks for the warning. You always have to be extra careful.

Interesting this thing got resurrected now.

Just yesterday morning someone posted a phishing link here that was pretending to be a way to interface Aweber and Facebook.

Be careful out there...


Paul

Me and Richard Van will sort em out.

Richard you hold em down, Ill Google slap em.

I know. That's probably why they chose that, since a lot of people here would be aware of the option and not be as skeptical as they might otherwise have been.

Phishing attempts are getting a lot more sophisticated and targeted.

For instance, we often see people asking "everyone" or "all Warriors" to add them to Skype. Some of those requests are probably harmless and naive, but I'd bet a good chunk of them aren't. Why would anyone want to have that many people in their Skype contact list?

Google the phrase: Skype phish


Paul

What a puddle of smelly pond scum some people are.

It's interesting to see people that dedicate a massive amount of time coming up with ways to rip people off.

I've been getting emails that take me to phony bank sites. They look legit until you start clicking around. LOL

Thanks for the heads up.

Thanks for the heads-up Paul! It's really important to check URLs for phishing attempts whenever someone provides a link. Anyway, it looks like his host has suspended his account for ToS violation. Someone must have reported it. Good job!

Thank you for the warning.