[Moderator Warning] READ THIS NOW

123 replies
Watch out for this!

Some idiot just posted a "discount offer" for a popular article submitting product. The text link said it went to an ad in the Warrior Products and Services section. The real link went to a page at http://warriorforum.zzl.org.

That page was an exact copy of the log-in page for this forum.

Not content to spam the crap out of the place, this scumbag wants to steal your account. You may be certain this will not be the only such attempt. Be extremely cautious of where you are when you intend to log in to this forum, or any other site.

If they're doing it here, the same people will be doing it on other forums.

The part of the address appearing immediately prior to the first / after http:// should be www.warriorforum.com. No variants. It's best that you type it in yourself or load the page from a bookmark, as it's easy to miss things like warrliorforum or warr1orforum or warriorf0rum, warriorform, etc.

There's a lot more at stake for many of you than just your WF account in a situation like this. It's way too common for people to use their main email addresses here, along with the password they use for multiple sites. (Hint: Different password for every site!)

I guarantee you, there are hundreds of people here who use their Paypal address as the address in their forum profiles, and have the same password for both. Let the creeps get hold of that, and you lose a lot more than just this account.


Paul
#moderator #read #warning
  • Profile picture of the author jacktackett
    Thanks for the heads up Paul. These blokes really horke me off. But good advice no matter what.
    thanks,
    --Jack

    ps its the 1st Friday of the month and the 2600 club is meeting in Raleigh - you want me to ask for a favor against these morons ;-)
    Signature
    Let's get Tim the kidney he needs!HELP Tim
    Mega Monster WSO for KimW http://ow.ly/4JdHm


    {{ DiscussionBoard.errors[4005939].message }}
  • Profile picture of the author Roaddog
    Thanks Paul for the warning.


    I saw that, and wondered what was up with the strange link.


    Jim
    {{ DiscussionBoard.errors[4005974].message }}
  • Profile picture of the author KimW
    I can't believe I didn't catch that. Got to change me pw ASAP.

    Luckily I do not use the same pw for forums and Paypal and/or banking accounts.
    Signature

    Read A Post.
    Subscribe to a Newsletter
    KimWinfrey.Com

    {{ DiscussionBoard.errors[4005989].message }}
  • Profile picture of the author koppster
    Thanks for the heads up.
    {{ DiscussionBoard.errors[4005991].message }}
  • Profile picture of the author Giani
    Thanks for the information.
    Signature

    {{ DiscussionBoard.errors[4006004].message }}
  • Profile picture of the author John Durham
    God! Why do people have to be Ass holes!!!

    Sorry!

    Thanks Paul.
    {{ DiscussionBoard.errors[4006017].message }}
  • Profile picture of the author Istvan Horvath
    In moments like this I really feel sorry that I've lost the contact with my former Chechen bodyguards... We could send them around with a Kalashnikov to hunt down those guys

    Thanks for the heads up!
    Signature

    {{ DiscussionBoard.errors[4006028].message }}
    • Profile picture of the author donaldwilson
      big thanks for the heads up my man.....and great points too
      {{ DiscussionBoard.errors[4006035].message }}
  • Profile picture of the author masterjani
    Thanks for the alert.

    Always look for the link,by placing your mouse over.Rather than just click on any link.
    {{ DiscussionBoard.errors[4006037].message }}
    • Profile picture of the author Paul Myers
      Jack,
      ps its the 1st Friday of the month and the 2600 club is meeting in Raleigh - you want me to ask for a favor against these morons ;-)
      [chuckle] Thanks, but the host is probably not at fault, and they'd just switch hosts or domains. The only people who'd be hit would be the innocent.

      John,

      Because being a destructive [expletive skipped] is easier than doing something productive. Also, some folks find the pain of others amusing. Some are just sociopaths. Plenty of other reasons.

      Easy money is the biggest reason for something like this.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[4006045].message }}
      • Profile picture of the author Paul Myers
        Some folks may not "get" why using the same password for multiple accounts is a big deal. Consider: UberScum gets the password for your main email account. He goes to the banks in your area and guesses at your username at your bank. The most common: Your email address, the first part of same, or your name.

        Gets a result, and hits the "Forgot my password" button. At many places, that will get the password sent back to the compromised address, opening up your account to the creep.

        The most likely targets here are Paypal accounts.


        Paul
        Signature
        .
        Stop by Paul's Pub - my little hangout on Facebook.

        {{ DiscussionBoard.errors[4006075].message }}
        • Profile picture of the author Paul Myers
          By the way.. This is a perfect example of why member moderation is so important. Gujju Boy is the only one who reported this. We would most likely never have noticed it without his help. We'd have probably just deleted the thread as an ad, if it was reported, and not done anything with it otherwise.

          Scroll back up to Gujju Boy's post and thank that man!


          Paul

          PS: I sit corrected. Rod Cortez reported a separate instance of the same thing. Thanks, Too Much Coffee Man!
          Signature
          .
          Stop by Paul's Pub - my little hangout on Facebook.

          {{ DiscussionBoard.errors[4006088].message }}
        • Profile picture of the author Tina Golden
          Originally Posted by Paul Myers View Post

          Some folks may not "get" why using the same password for multiple accounts is a big deal. Consider: UberScum gets the password for your main email account. He goes to the banks in your area and guesses at your username at your bank. The most common: Your email address, the first part of same, or your name.

          Gets a result, and hits the "Forgot my password" button. At many places, that will get the password sent back to the compromised address, opening up your account to the creep.

          The most likely targets here are Paypal accounts.


          Paul
          I learned this the hard way. My email was hacked and that's exactly what happened. I was naive enough to have the same password pretty much everywhere and the hacker got into my PayPal account. Over $500 was taken from my bank account via PayPal before it was stopped.

          Thankfully, I did get the money back but I learned that my PayPal password is not used anywhere else, EVER.
          Signature
          Discover how to have fabulous, engaging content with
          Fast & Easy Content Creation
          ***Especially if you don't have enough time, money, or just plain HATE writing***
          {{ DiscussionBoard.errors[4007675].message }}
  • Profile picture of the author ganesh
    Thanks for the warning. This will make all members more vigilant. Warriors are here to fight back any attempt to damage or destroy this valuable forum.

    GANESH
    Signature

    {{ DiscussionBoard.errors[4006119].message }}
  • Profile picture of the author myagi007
    Hi

    Thanks for the warning, changing all my passwords now...

    Like someone said earlier the ******** know its easy money if they can get your account details and then use it in to something else.


    Thanks again.
    Signature
    Would you like to make £5k per week, have a look at www.affiliatemarketing1.com.
    {{ DiscussionBoard.errors[4006130].message }}
  • {{ DiscussionBoard.errors[4006144].message }}
    • Profile picture of the author JohnMcCabe
      I wonder how hard it would be to add an extra ring to the Inferno for scum like this...

      To all the sharp-eyed ones out there, thank you!
      {{ DiscussionBoard.errors[4006174].message }}
  • Profile picture of the author luzern
    Now I'm getting this message when opening that website:

    403 Forbidden!

    The address you have entered is not open to the public
    {{ DiscussionBoard.errors[4006164].message }}
    • Profile picture of the author Paul Myers
      Originally Posted by luzern View Post

      Now I'm getting this message when opening that website:

      403 Forbidden!

      The address you have entered is not open to the public
      I didn't include the complete link. Just the base URL, so people could see the example of how URLs in many phishing attempts are constructed.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[4006200].message }}
  • Profile picture of the author Fernando Veloso
    Thanks for the headsup Paul.

    But... it's 2011 folks. Buy a copy of RoBoform and use common sense while loggin in to daily websites.

    Heck! If you don't, I'll write a WSO for it.
    Signature
    People make good money selling to the rich. But the rich got rich selling to the masses.
    {{ DiscussionBoard.errors[4006202].message }}
  • Profile picture of the author JamieSEO
    Appreciate the heads up

    I always use different usernames and passwords - it's why I would die without Roboform
    Signature

    {{ DiscussionBoard.errors[4006204].message }}
  • Profile picture of the author Clyde
    Thanks for looking out Paul.
    Signature

    Generate Unlimited Number of Micro Niche Keywords, Multi-threaded EMD Finder PLUS More!




    50% OFF WSO.
    {{ DiscussionBoard.errors[4006212].message }}
  • Profile picture of the author Grim Reaper
    Hi Paul,
    Check my IP and you will know who I am.

    If you would like me to send a few friends their way just send me some info and say the word.

    HAGD

    ~GR~
    {{ DiscussionBoard.errors[4006228].message }}
  • Profile picture of the author Lulu Chil
    Thanks Paul for the warning.
    {{ DiscussionBoard.errors[4006239].message }}
  • Profile picture of the author John Durham
    Question: Paul I have been logging into my yahoo account lately and reading emails, then I come back and log in later and they still look un opened, you have any idea what that could be?

    In 5 years its never been the case but ALWAYS is now.
    {{ DiscussionBoard.errors[4006243].message }}
  • Profile picture of the author sbucciarel
    Banned
    Thanks so much for the heads up on this. I will be extra vigilant about forum logins.
    {{ DiscussionBoard.errors[4006244].message }}
  • Profile picture of the author Paul Myers
    John,

    Nope. Gotta ask Yahoo about that one.


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[4006285].message }}
  • Profile picture of the author AnonymouS12
    Thanks for warning us, Paul!
    {{ DiscussionBoard.errors[4006399].message }}
  • Profile picture of the author williamrs
    Thanks for the heads up!

    I use to be very cautious, but sometimes we are in a hurry and may commit mistakes!
    Signature
    Steal My Profit Strategy



    >> Download Now <<
    {{ DiscussionBoard.errors[4006467].message }}
  • {{ DiscussionBoard.errors[4006558].message }}
  • Profile picture of the author Steven Fullman
    One more thing...this is IMPORTANT!



    If someone decides to really screw with you...they could modify your "hosts" file.

    I'll assume you don't know what this is, since 99% of folks fall into that category. If you do, pat yourself on the back and read on anyway.

    Whenever you type in a website address, your operating system (Windows, Mac, Linux) ALWAYS tries to find the IP address in its local "hosts" file first.

    Always.

    Your "hosts" is a simple text file, mapping IP addresses to domain names...

    See here for your OS

    Normally your "hosts" file is pretty empty.

    Normally it's so empty you'll never see it.

    Normally it's so empty your OS will never use it.

    Normally it's so empty your browser has to give up and ask elsewhere...(it basically asks the internet root servers where to find stuff instead).

    Now...here comes the ****IMPORTANT NEWS****

    If someone has tampered with your "hosts" file:

    1) it doesn't matter whether you personally typed the URL, and
    2) it doesn't matter whether you have a so-called "safe" bookmark either.

    (...and let's face it...do you *really* read the system notification popups every time you install something? Me neither...)

    Because if someone has tampered with your hosts file, and added an entry for PayPal.com ...and added an IP address which *sends you to their cloned version of PayPal.com*, it's unlikely you'll ever realize.

    Why?

    'Cuz you typed it in yourself, that's why! Must be safe, right?

    Wrong...

    Never underestimate the power of the bad guys. They're (unfortunately) often two steps ahead of the good'uns, and twice as smart.

    Cheers,
    Steve
    Signature

    Not promoting right now

    {{ DiscussionBoard.errors[4006560].message }}
    • Profile picture of the author Bill Farnham
      @Steven Fullman,

      I'm sending you the bill for my new sleeping pills presciption...

      I'm buying the BIG bottle...

      ~Bill
      Signature
      {{ DiscussionBoard.errors[4006602].message }}
      • Profile picture of the author Steven Fullman
        Originally Posted by Bill Farnham View Post

        @Steven Fullman,

        I'm sending you the bill for my new sleeping pills presciption...

        I'm buying the BIG bottle...

        ~Bill
        Hey Bill,

        Long time no sleep...erm...speak!

        How are you?

        Steve

        PS I thought the post would be a *cure* for insomnia, not a cause
        Signature

        Not promoting right now

        {{ DiscussionBoard.errors[4006629].message }}
    • Profile picture of the author jacktackett
      Originally Posted by Steven Fullman View Post

      One more thing...this is IMPORTANT!



      If someone decides to really screw with you...they could modify your "hosts" file.

      I'll assume you don't know what this is, since 99% of folks fall into that category. If you do, pat yourself on the back and read on anyway.

      Whenever you type in a website address, your operating system (Windows, Mac, Linux) ALWAYS tries to find the IP address in its local "hosts" file first.

      Always.

      ....

      Great point Steven - which is why in windows I ALWAYS write protect the hosts file - so any changes have to be done by hand by an administrator account.

      As Mad eye would say - Eternal Vigilance!

      --Jack
      Signature
      Let's get Tim the kidney he needs!HELP Tim
      Mega Monster WSO for KimW http://ow.ly/4JdHm


      {{ DiscussionBoard.errors[4006858].message }}
    • Profile picture of the author sanssecret
      Originally Posted by Steven Fullman View Post

      One more thing...this is IMPORTANT!



      If someone decides to really screw with you...they could modify your "hosts" file.

      I'll assume you don't know what this is, since 99% of folks fall into that category. If you do, pat yourself on the back and read on anyway.

      Whenever you type in a website address, your operating system (Windows, Mac, Linux) ALWAYS tries to find the IP address in its local "hosts" file first.

      Always.

      Your "hosts" is a simple text file, mapping IP addresses to domain names...

      See here for your OS

      Normally your "hosts" file is pretty empty.

      Normally it's so empty you'll never see it.

      Normally it's so empty your OS will never use it.

      Normally it's so empty your browser has to give up and ask elsewhere...(it basically asks the internet root servers where to find stuff instead).

      Now...here comes the ****IMPORTANT NEWS****

      If someone has tampered with your "hosts" file:

      1) it doesn't matter whether you personally typed the URL, and
      2) it doesn't matter whether you have a so-called "safe" bookmark either.

      (...and let's face it...do you *really* read the system notification popups every time you install something? Me neither...)

      Because if someone has tampered with your hosts file, and added an entry for PayPal.com ...and added an IP address which *sends you to their cloned version of PayPal.com*, it's unlikely you'll ever realize.

      Why?

      'Cuz you typed it in yourself, that's why! Must be safe, right?

      Wrong...

      Never underestimate the power of the bad guys. They're (unfortunately) often two steps ahead of the good'uns, and twice as smart.

      Cheers,
      Steve
      Damn Steve, now I'm really scared. My gmail got hacked a while back and I finally got round to installing roboform and changing all my passwords. (thankfully, I always kept a different password for Paypal).

      How do I find this 'hosts' file to check it's as empty as it's supposed to be?
      Signature
      San

      The man who views the world at fifty the same as he did at twenty has wasted thirty years of his life. ~Muhammad Ali
      Pay me to play. :) Order a Custom Cover today.
      {{ DiscussionBoard.errors[4008243].message }}
  • {{ DiscussionBoard.errors[4006646].message }}
  • Profile picture of the author Mike McAleer
    thanks paul. it kind of disturbs me how often people fall for this crap.
    Signature

    Recent domain flips : $8->$1000 Social recruiting Software dot com $8->$2000 MobileSalesSoftware.com
    Invest in domains without the hard work !
    Email for details...Mike McAleer at me dot com

    {{ DiscussionBoard.errors[4006700].message }}
  • Profile picture of the author MMWoodward
    That's pretty unsettling. It's a good idea to be reminded now and again of just how important it is to be safe, and especially since it's only too easy to get lost in the routine of casual online browsing.
    Signature
    Original content, fast turnaround, and high quality.
    Article writer for hire
    : $0.04/word.
    Here's what Jenn Dize had to say:
    "I can safely count her work among some of the best I've read."

    {{ DiscussionBoard.errors[4006706].message }}
  • Profile picture of the author Rsberg
    Thanks for the heads up!

    Sad what some will do these days...
    {{ DiscussionBoard.errors[4006724].message }}
  • Profile picture of the author Coby
    Oh crap! That's scary! Good reminder to myself that you can never be too careful, especially online...
    {{ DiscussionBoard.errors[4006745].message }}
  • Profile picture of the author rekerlolz
    Yo! Good lookin Paul! I will watch out for this @$$HOLE
    {{ DiscussionBoard.errors[4006750].message }}
  • Profile picture of the author kimberly Aita
    wow, it never ceases to amaze me what people will do just to be mean or hurt others.

    I guess I am going to be changing my password here right now and some other places.

    Thanks,
    Kim
    {{ DiscussionBoard.errors[4006878].message }}
  • Profile picture of the author Roaddog
    Originally Posted by Gujju Boy View Post

    Hi Paul,
    Thanks for the warning.
    I posted a same thread few minutes before this one appeared :

    http://www.warriorforum.com/main-int...m-account.html

    As this is an official thread from moderator, please delete/lock my thread.

    Best Regards,
    Gujju Boy

    That was a nice catch Guujji Boy and Rod Cortez.

    I clicked on the link and at first thought it was just a spammer that had screwed up his link. Clicked off almost immediately, I didn't have an interest in the product, but we get a lot of spammers in the OT. I always want to see what the 'angle' is.

    Lesson learned and point taken.

    Missed that one. So again, good vigilance, you guy's probably saved some people some serious headaches.


    Good on ya...as the Aussies say
    {{ DiscussionBoard.errors[4006958].message }}
  • {{ DiscussionBoard.errors[4007075].message }}
  • Profile picture of the author MatthewNeer
    Thanks for the tip man,

    Its sad that people have to resort to being scammers to try and earn a living online rather than just putting in the hard work to do it right and make an honest living eh?

    But to further your point, thats why you should ALWAYS check the url your visiting for legitimacy before ya put in any credentials...
    Signature
    Three (3) Income Streams DFY
    New FREE Website Builds Your List
    And Earns From 3 Income Streams
    http://ListLeverage.com
    {{ DiscussionBoard.errors[4007098].message }}
  • Profile picture of the author celente
    I think with teh economy struggling you will see more of this.

    People just after a quick buck and not bothered to build a real business.

    Pretty sad really ey?
    {{ DiscussionBoard.errors[4007205].message }}
  • {{ DiscussionBoard.errors[4007240].message }}
  • Profile picture of the author cashmagnet
    Thanks for informing us wow some ppl are just low low low
    Signature

    If your looking for fast success with low failure get a coach/consultation, DM for skyp bookings.

    {{ DiscussionBoard.errors[4007244].message }}
    • Profile picture of the author Mike Baker
      Originally Posted by Tim Dini View Post

      Another option is LastPass (lastpass.com)

      Like Robo but it's free.
      Originally Posted by Fernando Veloso View Post

      Thanks for the headsup Paul.

      But... it's 2011 folks. Buy a copy of RoBoform and use common sense while loggin in to daily websites.

      Heck! If you don't, I'll write a WSO for it.
      Don't ever rely on password program alone. Those too can be hacked. I personally recommend writing them down on a notepad. Nobody can hack them if they are not located in your computing system.
      Signature

      {{ DiscussionBoard.errors[4009124].message }}
      • Profile picture of the author Ken Strong
        Originally Posted by Mike Baker View Post

        Don't ever rely on password program alone. Those too can be hacked. I personally recommend writing them down on a notepad. Nobody can hack them if they are not located in your computing system.
        There's also Roboform2go, which lets you store all the passwords on a thumb drive or other removable media, so the passwords are never stored on your computer.

        But writing them down works too, of course.
        {{ DiscussionBoard.errors[4011453].message }}
        • Profile picture of the author Mike Baker
          Originally Posted by Ken Strong View Post

          There's also Roboform2go, which lets you store all the passwords on a thumb drive or other removable media, so the passwords are never stored on your computer.

          But writing them down works too, of course.
          If it's connected to your computer via USB it can also be hacked, even with military grade AES encryption.

          If data information is digital, we all run the risk of having it stolen.
          Signature

          {{ DiscussionBoard.errors[4013211].message }}
          • Profile picture of the author seasoned
            Originally Posted by Mike Baker View Post

            If it's connected to your computer via USB it can also be hacked, even with military grade AES encryption.

            If data information is digital, we all run the risk of having it stolen.
            Yeah, in most cases there is a trusted area where things are NOT encrypted. Like SSL. With SSL, the info is encrypted between your browser network connection and the other server. Within their server, and between your keyboard and browser network connection, it ISN'T encrypted. So you STILL have to worry about keyloggers and THEY should still worry about rootkits and breakins. But HEY, the connections between the two are pretty safe.

            BTW a good example of this is Keepass. They actually have an option to KEEP various fields in memory encrypted! WHY? Because on some environments, and some processors, it is possible for one process(like a virus), to access memory used by another process(like keepass). The encryption helps ensure that any such attempt is likely to come up with junk. USUALLY, encrypted data is decrypted before it is put into memory, if it has to be used in its decrypted state. It is just easier, faster, more efficient, and generally safe.

            Steve
            {{ DiscussionBoard.errors[4014141].message }}
    • Profile picture of the author AdSellCanada
      It pays to be very diligent online, treat every place as if it was a new entity - never use the same pwords or emails.
      Signature

      Free Canadian Classifieds! http://AdSell.ca

      Free USA Classifieds! (coming soon) http://AdSell.us

      {{ DiscussionBoard.errors[4011135].message }}
    • Profile picture of the author KatheLucas
      Thanks Paul...always great to be made aware of these things - jerks :rolleyes:
      Signature

      New To IM And Still Confused? Free "How To" Videos To Give You A Boost: www.WebBusinessBasics.com

      Bring YOUR new product launch to us at www.LaunchAlerts.com

      {{ DiscussionBoard.errors[4032562].message }}
  • Profile picture of the author BrenOHara
    Thanks for that heads up Paul!!
    Signature
    MasterResellRights.com - Since 2006. Updated daily. Exclusive members only PLR. Check out our Private Label Rights catalog for our listings.
    {{ DiscussionBoard.errors[4007266].message }}
  • Profile picture of the author tanaris
    Thanks Paul, that was close.. whew!
    {{ DiscussionBoard.errors[4007269].message }}
  • Profile picture of the author Gregg
    Scumbag is the proper term... thanks for the heads up. I am sure it will come back to bite him/her somehow.
    {{ DiscussionBoard.errors[4007393].message }}
  • Profile picture of the author seasoned
    Yeah, I saw a number of people a couple of years ago fall into the trap Paul alludes to. I ended up changing EVEN similar group passwords. I have ALWAYS split up password bases based on the area. So my paypal password is VERY different from my warrior password, and my bank one is also pretty different. Alas, today I have HUNDREDS of accounts that I keep in keepass. Again though, it is encrypted with a higher level password.

    And this is a GREAT reason to be VERY careful with the URLs. Ironic! Just last wednesday I was telling some coworkers how random password entry at the customer we are at is impossible, because by the 3rd try, you are locked out. I told them of a guy that I knew that did a similar trick to this to get user names and passwords, without trial and error. He eventually disabled the university's computer department, and was BANNED from the campus.

    Steve
    {{ DiscussionBoard.errors[4007395].message }}
  • Profile picture of the author Jimmy101
    that's just horrible, as a new member, its good i came across this.
    {{ DiscussionBoard.errors[4007505].message }}
  • Profile picture of the author Bruce NewMedia
    This is pretty important, I agree...as one who had two of their email accounts broken into in early May, I can tell you it was a big mess. ...

    they did what Paul says, btw, they set up a redirect on my acct and I did not even know why I was not getting mail. ...lucky that I had very different acct passwords for the valuable places like banks and PP, etc. I take this very seriously.
    _____
    Bruce
    {{ DiscussionBoard.errors[4007615].message }}
  • Profile picture of the author Rukshan
    Thanks paul. These people never get success.
    Signature

    {{ DiscussionBoard.errors[4007786].message }}
  • Profile picture of the author Marcus C
    Thanks for the heads up, Paul. I hope just hope they were caught in time and nobody had their account compromised.

    Why don't these guys just build a real, honest business of their own!
    {{ DiscussionBoard.errors[4008199].message }}
  • Profile picture of the author paulie888
    Thanks for informing us about this latest phishing caper, Paul. There have been a lot of these going around, and one also has to watch out for phishing sites that are set up to be identical clones of popular sites like Paypal and Craigslist - those are usually a bit easier to spot though, because what you typically will receive is an official-sounding email urging you to log into your account right away for some reason or another, and this is already pretty much a red flag in itself.

    Paul
    Signature
    >>> Features Jason Fladlien, John S. Rhodes, Justin Brooke, Sean I. Mitchell, Reed Floren and Brad Gosse! <<<
    {{ DiscussionBoard.errors[4008233].message }}
  • Profile picture of the author William Prawira
    Thanks for the Info.

    I always take good care about the login/IDs that are associated with my financial bank account or credit card. Never once use them with the same password as what I use on forum.

    I keep a list of my password on a file, but encrypted them so I'm the only one able to read and know what's the real password for each of my ID.
    Signature

    Thanks,

    William Prawira

    {{ DiscussionBoard.errors[4008400].message }}
  • Profile picture of the author SamirSM
    Wow!

    So Phishermen have finally decided to target Warriors!

    Thanks for the note Paul!
    {{ DiscussionBoard.errors[4008450].message }}
  • Thanks for the heads up... pretty scary stuff, and like a lot of people have said I think you just instinctively trust the WF and 'click'.

    Timely advice for us all.
    Signature

    Tap into the Video Gold Mine with my Free 4 Part Offline Cash Secrets video course.

    If you want to FINALLY start making money online then check out Instant Internet Lifestyle blog.

    {{ DiscussionBoard.errors[4008510].message }}
  • Profile picture of the author ankur sharma
    Thi definitely sucks. seriously, they can make more money if they stop hacking accounts and learn to create win win situation in business.
    {{ DiscussionBoard.errors[4008524].message }}
    • Profile picture of the author Paul Myers
      Hey...

      All I did was tell y'all about it. I didn't spot this. If you really want to say thanks to the dude who made us aware of it first, go to http://www.warriorforum.com/main-int...ml#post4006059

      ... and thank Gujju Boy. And the next time you see a post by Rod Cortez, thank him, too. They're the ones who spotted the gimmick and reported it.

      If you've ever wondered how important the role of members as moderators is, this is the perfect example. This is 100% the result of two people paying attention and clicking that little red triangle.

      And if you've ever wondered if it's worth the effort, consider the amount of hassle and loss those two gents may have prevented by taking such small, but important, actions.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[4008563].message }}
  • Profile picture of the author MBizInc
    Thanks for informing us Paul! I can tell from my own experience that we should all pick different passwords for our www accounts!
    {{ DiscussionBoard.errors[4008634].message }}
  • Profile picture of the author Psychicwitch
    Thank you for the Heads up. What is wrong with People today ?? Oh Yeah ~ Greed
    Signature

    Myrtlelyn The Psychic Witch
    Myrtlelyn's Psychic Parlor
    http://www.psychicwitch.net
    {{ DiscussionBoard.errors[4009017].message }}
  • Profile picture of the author lowkey786
    thanks for the heads up Gujju Boy
    {{ DiscussionBoard.errors[4009022].message }}
  • Profile picture of the author Psychicwitch
    Hi, I think I may be confused here. I signed up as a free member last night. I posted some replies, especially in the Motivational section, and Nothing I wrote is there. I put a lot of time into my profile last night as I thought this would be a nice social networking site. So, am I supposed to pay something for my posts to show or to participate in the forums ? I am confused a bit, I usually just stay mainly on Facebook.
    Thank you in advance
    Signature

    Myrtlelyn The Psychic Witch
    Myrtlelyn's Psychic Parlor
    http://www.psychicwitch.net
    {{ DiscussionBoard.errors[4009094].message }}
  • Profile picture of the author shystar
    Thank you for this!
    {{ DiscussionBoard.errors[4009381].message }}
  • Profile picture of the author talfighel
    Big thanks for the heads up. People will do anything to steal.
    {{ DiscussionBoard.errors[4009536].message }}
  • {{ DiscussionBoard.errors[4011464].message }}
  • Profile picture of the author Rod Cortez
    Thank you for making this public Paul in case that worm decides to try it again (they will probably will too).

    The irony in all this is that the person who went through all that trouble to get a domain name and then make a copy of the Warrior Forum account log in page could have spent that time to put up a 3 to 5 page niche website with some affiliate links and adsense and probably make a few bucks. And with those few bucks could have bought some gourmet coffee.

    RoD
    Signature
    "Your personal philosophy is the greatest determining factor in how your life works out."
    - Jim Rohn
    {{ DiscussionBoard.errors[4011549].message }}
  • Profile picture of the author paddyhack
    Thanks for the warning
    {{ DiscussionBoard.errors[4011691].message }}
  • Profile picture of the author dagaul101
    It's unfortunate but the larger a forum the more phishers and their like figure out ways to exploit it
    {{ DiscussionBoard.errors[4013405].message }}
  • Profile picture of the author StevenJones
    Thanks for the heads up. I will be checking the URL more often now, don't want to get scammed.
    {{ DiscussionBoard.errors[4013620].message }}
  • Profile picture of the author gokulvikas
    Hi paul.

    Thanks for your warning.
    {{ DiscussionBoard.errors[4015790].message }}
  • Profile picture of the author Stefan S
    Thank You Paul for the warning!
    {{ DiscussionBoard.errors[4021055].message }}
  • Profile picture of the author hikerguy777
    Thanks for the warning.
    {{ DiscussionBoard.errors[4021078].message }}
  • Profile picture of the author OrganicSeoGuru
    Why not get on the SSL bandwagon, at least people will feel like they are at the right forum,
    {{ DiscussionBoard.errors[4021278].message }}
  • Profile picture of the author bking
    Wow, lots to think about to try and secure our web activities...

    There is so much of this crap out there, and you are right, Paul, they do it for many reasons but greed tends to be a big one.

    Thanks for the warning.
    {{ DiscussionBoard.errors[4021707].message }}
  • Profile picture of the author omk
    great catch, thanks!
    {{ DiscussionBoard.errors[4022095].message }}
  • Profile picture of the author area51backlinks
    Wow, that is scary that someone would want to do that. Thanks for the heads up!
    {{ DiscussionBoard.errors[4023690].message }}
  • Profile picture of the author Brad Pollina
    WOW! Thnks for bringing that to our attention.

    Great idea to write protect the hosts file. I forgot about that one!
    Signature
    "Be patient with me....God isn't finished with me yet!"
    {{ DiscussionBoard.errors[4023770].message }}
  • Profile picture of the author Tom Brownsword
    Awesome share, Paul.

    Somebody mentioned RoboForm a few posts ago. If you want a free / open source password manager, KeePass is a decent one. Just make sure that you use a strong master password, regardless of the password manager being used (at least 15 characters, upper case, lower case, numbers, and special characters). I also recommend that you write it down, put it in your wallet, and treat it like a wad of $100 bills (you don't want to forget that password!).

    Use the random password generator feature of these products and change your passwords frequently (I recommend every 3 months or so). And as many have already pointed out, NEVER use the same password for more than one site.

    I have to look through my stuff; I'm pretty sure I have a report "somewhere" on good password security... If I find it, I'll be happy to share it.
    Signature

    Tom Brownsword, CISSP®, GCIA, ITILv3
    Certified Computer Security Pro
    http://ProtectorSupport.com
    http://BusinessActionSteps.com
    ------------------------------

    {{ DiscussionBoard.errors[4026258].message }}
    • Profile picture of the author Jaguar-TI
      Really appreciate the heads up Paul.

      Thanks to everyone who provided extra input for security measures and ways this scum dwellers can mess your life.

      Jaguar
      {{ DiscussionBoard.errors[4027364].message }}
  • Profile picture of the author Cloudzz
    Thanks for the heads up!
    {{ DiscussionBoard.errors[4027435].message }}
  • Profile picture of the author ysckyler
    Thanks for the heads up!!! I didnt notice until i read your post!!!
    {{ DiscussionBoard.errors[4027502].message }}
  • Profile picture of the author tgdrew
    Paul,
    Thanks for the warning. I try to always make an effort to double check addresses before I log in anywhere. Usually by doing exactly what you said and physically typing in the web address.
    {{ DiscussionBoard.errors[4032585].message }}
  • Profile picture of the author lisalafrance
    Hmmm,

    I'd love to read the warning.

    Where can I find it?
    Signature
    {{ DiscussionBoard.errors[4046799].message }}
    • Profile picture of the author Rod Cortez
      Originally Posted by lisalafrance View Post

      Hmmm,

      I'd love to read the warning.

      Where can I find it?
      It's on the first page of this thread, but here it is for your convenience:

      Originally Posted by Paul Myers View Post

      Watch out for this!

      Some idiot just posted a "discount offer" for a popular article submitting product. The text link said it went to an ad in the Warrior Products and Services section. The real link went to a page at http://warriorforum.zzl.org.

      That page was an exact copy of the log-in page for this forum.

      Not content to spam the crap out of the place, this scumbag wants to steal your account. You may be certain this will not be the only such attempt. Be extremely cautious of where you are when you intend to log in to this forum, or any other site.

      If they're doing it here, the same people will be doing it on other forums.

      The part of the address appearing immediately prior to the first / after http:// should be www.warriorforum.com. No variants. It's best that you type it in yourself or load the page from a bookmark, as it's easy to miss things like warrliorforum or warr1orforum or warriorf0rum, warriorform, etc.

      There's a lot more at stake for many of you than just your WF account in a situation like this. It's way too common for people to use their main email addresses here, along with the password they use for multiple sites. (Hint: Different password for every site!)

      I guarantee you, there are hundreds of people here who use their Paypal address as the address in their forum profiles, and have the same password for both. Let the creeps get hold of that, and you lose a lot more than just this account.


      Paul
      Signature
      "Your personal philosophy is the greatest determining factor in how your life works out."
      - Jim Rohn
      {{ DiscussionBoard.errors[4046808].message }}
  • Profile picture of the author ebvette
    Thanks for the heads up
    {{ DiscussionBoard.errors[4048156].message }}
  • Profile picture of the author Alan Ashwood
    Originally Posted by Paul Myers View Post

    Watch out for this!

    Some idiot just posted a "discount offer" for a popular article submitting product. The text link said it went to an ad in the Warrior Products and Services section. The real link went to a page at http://warriorforum.zzl.org.

    That page was an exact copy of the log-in page for this forum.

    Not content to spam the crap out of the place, this scumbag wants to steal your account. You may be certain this will not be the only such attempt. Be extremely cautious of where you are when you intend to log in to this forum, or any other site.

    If they're doing it here, the same people will be doing it on other forums.

    The part of the address appearing immediately prior to the first / after http:// should be www.warriorforum.com. No variants. It's best that you type it in yourself or load the page from a bookmark, as it's easy to miss things like warrliorforum or warr1orforum or warriorf0rum, warriorform, etc.

    There's a lot more at stake for many of you than just your WF account in a situation like this. It's way too common for people to use their main email addresses here, along with the password they use for multiple sites. (Hint: Different password for every site!)

    I guarantee you, there are hundreds of people here who use their Paypal address as the address in their forum profiles, and have the same password for both. Let the creeps get hold of that, and you lose a lot more than just this account.


    Paul
    Thanks for this Paul

    Pretty scary stuff. I think the warning should be repeated as often as possible in WF.

    Thank again
    Signature
    Now where did I put that pencil?

    Time for a cuppa.
    {{ DiscussionBoard.errors[4050333].message }}
    • Profile picture of the author Sandor Verebi
      Hi Paul,

      Thank you and Gijju Boy for your heads up. I arranged accordingly for that.

      Regards,

      Sandor
      {{ DiscussionBoard.errors[4050433].message }}
  • Profile picture of the author FalkonatorsSon
    Thanks alot Paul that warning I'll be on an extra look out!!!
    The Son
    {{ DiscussionBoard.errors[4050871].message }}
  • Profile picture of the author WDM
    oh wow, yeah good looking out man. You really have to be careful clicking certain links because people will even make links like yahoo.com but in the HTML code they change the link to google.com. Obviously with links that have a bigger meaning to personal information though.
    {{ DiscussionBoard.errors[4050905].message }}
  • Profile picture of the author vblacke
    Thanks for the warning, can't believe people would try to phish accounts on this forum.
    {{ DiscussionBoard.errors[4051739].message }}
    • Profile picture of the author Seek Knowledge
      Originally Posted by vblacke View Post

      Thanks for the warning, can't believe people would try to phish accounts on this forum.
      From a scammers perspective it makes perfect sense to target this forum - for as Paul said in his post; no doubt some people use the same pass's here as they do with their paypal's.

      Fortunately the Warrior Forum is one of the most switched on forums when it comes to identifying scams and the community here really helps each other out - that's why I joined up in the first place; because of the community I witnessed from lurking for years prior.

      AJ.
      {{ DiscussionBoard.errors[4794576].message }}
  • Thank Paul

    Regards

    Mark
    Signature

    "Winners find a way, losers find an excuse"

    {{ DiscussionBoard.errors[4051830].message }}
  • Profile picture of the author JackRT
    I am assuming the post is removed...
    {{ DiscussionBoard.errors[4052069].message }}
  • Profile picture of the author Seek Knowledge
    Thanks for the heads up Paul - unfortunately the internet will never see an end to these kind of scumbags!

    I remember back when I was 11 years old and playing the online games site Neopets! Even in those days and on that website the EXACT same trick was being used by people to get passwords for a flippin fun and games site - ofcourse when being used on warrior's there is alot more at stake than some pretend money and highscores.

    IMHO - It would be an excellent idea to make a special short report outlining these basic scams: phishing, stuffing, poxy images etc and compile it for Warrior's to read through free to educate them and give them a chance to avoid these scumbags money-robbing tactics.

    Just so that people do know - if you see any unethical behaviour online then report the criminal to 1) www (dot) ic3 (dot) gov 2) The persons own web hosting service provider. 3) The forum admin at the forum they are using.

    AJ.
    {{ DiscussionBoard.errors[4794570].message }}
  • Profile picture of the author andybeveridge
    A big thanks for the warning. It would be so easy to miss something like this. I have to get out of the mindset that because I would never dream of scamming anyone then I will never be scammed myself.

    Hope Karma really works.
    Signature

    Become a Digi Warrior and join us in the successful Dig Warrior IM Academy
    Join us at www.digiwarrior.com

    {{ DiscussionBoard.errors[4794586].message }}
  • Profile picture of the author Alex Kage
    Woah, hope no one got their login details snatched.
    {{ DiscussionBoard.errors[4795766].message }}
  • Profile picture of the author Nathy Curiel
    Thanks for the warning !
    {{ DiscussionBoard.errors[4795992].message }}
  • Profile picture of the author whatihave
    Banned
    Thanks for the warning. You always have to be extra careful.
    {{ DiscussionBoard.errors[4798649].message }}
  • Profile picture of the author Paul Myers
    Interesting this thing got resurrected now.

    Just yesterday morning someone posted a phishing link here that was pretending to be a way to interface Aweber and Facebook.

    Be careful out there...


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[4798665].message }}
    • Profile picture of the author RAMarketing
      Originally Posted by Paul Myers View Post

      Interesting this thing got resurrected now.

      Just yesterday morning someone posted a phishing link here that was pretending to be a way to interface Aweber and Facebook.

      Be careful out there...


      Paul
      Ha the funny part is that you CAN integrate aweber and facebook easily, aweber advertises it every time I log in :-)
      {{ DiscussionBoard.errors[4798674].message }}
  • Profile picture of the author John Romaine
    Me and Richard Van will sort em out.

    Richard you hold em down, Ill Google slap em.
    Signature

    BS free SEO services, training and advice - SEO Point

    {{ DiscussionBoard.errors[4798680].message }}
  • Profile picture of the author Paul Myers
    Ha the funny part is that you CAN integrate aweber and facebook easily, aweber advertises it every time I log in :-)
    I know. That's probably why they chose that, since a lot of people here would be aware of the option and not be as skeptical as they might otherwise have been.

    Phishing attempts are getting a lot more sophisticated and targeted.

    For instance, we often see people asking "everyone" or "all Warriors" to add them to Skype. Some of those requests are probably harmless and naive, but I'd bet a good chunk of them aren't. Why would anyone want to have that many people in their Skype contact list?

    Google the phrase: Skype phish


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[4798724].message }}
    • Profile picture of the author RAMarketing
      Originally Posted by Paul Myers View Post

      I know. That's probably why they chose that, since a lot of people here would be aware of the option and not be as skeptical as they might otherwise have been.

      Phishing attempts are getting a lot more sophisticated and targeted.

      For instance, we often see people asking "everyone" or "all Warriors" to add them to Skype. Some of those requests are probably harmless and naive, but I'd bet a good chunk of them aren't. Why would anyone want to have that many people in their Skype contact list?

      Google the phrase: Skype phish


      Paul
      I often wish I had no Skype, Facebook, Linkedin, etc list... oh to be back with one home phone (that I could unplug) oh well, onwards and upwards I guess :-)
      {{ DiscussionBoard.errors[4798728].message }}
  • Profile picture of the author braincandy7
    What a puddle of smelly pond scum some people are.
    {{ DiscussionBoard.errors[4798739].message }}
  • Profile picture of the author robledo1
    It's interesting to see people that dedicate a massive amount of time coming up with ways to rip people off.

    I've been getting emails that take me to phony bank sites. They look legit until you start clicking around. LOL

    Thanks for the heads up.
    {{ DiscussionBoard.errors[5826790].message }}
  • Profile picture of the author megawarrior
    Thanks for the heads-up Paul! It's really important to check URLs for phishing attempts whenever someone provides a link. Anyway, it looks like his host has suspended his account for ToS violation. Someone must have reported it. Good job!
    {{ DiscussionBoard.errors[5826992].message }}
  • {{ DiscussionBoard.errors[5827014].message }}
  • Profile picture of the author ryanhan
    [DELETED]
    {{ DiscussionBoard.errors[6756361].message }}
    • Profile picture of the author cashp0wer
      [DELETED]
      {{ DiscussionBoard.errors[6756376].message }}

Trending Topics