2 New Website Scams

Posted by on Jan 14, 2017 in Blog, Web Security

If you use a browser, you are susceptible to these two threats, but knowing one simple trick can save you from both and many more website scams.

The Gmail phishing scam is the first scam we’ll cover.  You’ll click a link thinking it’s taking you to Gmail.  Then you get what looks like a legitimate Gmail login screen.  But guess again!

How can you tell?   You look for the little green padlock, and as you can see in the 2nd image, it just ain’t there.

Why would somebody want to steal your email password?   With access to that email, they can reset the password for your bank (and other) account.

How do they know where you bank?   Several ways.  The first, is they can just use scam #2, hidden form fields, but there’s another way.   When you’re on a website, that site can read your I.P. address, which pretty much tells where you live.  There are only so many banks in the area, right?

There are two ways to avoid this trap.   The first, is to never go to an important website by clicking a link.  Always type the web address into your browser’s address bar.   The second way is always look for the green padlock before typing ANYTHING into any website, ever!  (More about this in a moment.)

Scam #2

We’re seeing a new trick to get your passwords and other sensitive information. Most browsers offer to store your credit card info, passwords and other data for easy form-filling.  Your browser can be easily tricked into divulging that information when you visit a hacked website or a “questionable” website.

The way it works is that the web page merely has the form fields hidden, so that you never see the data it is stealing when your browser happily fills those hidden fields with your bank info.

Maybe the web page is asking something innocuous like “Enter your favorite artist.”, but unseen to you, those hidden form fields have been filled with your credit card info, bank account number and password.

The “cure” is to never fill out any form on any page that does not have the green “padlock” and “https://” in the upper-left of your browser address bar.

Examples:  #1: HOA login page (unsafe!),  #2:  HOA login page (safe!)

No green padlock – Beware!

Green padlock = OK!

In the Gmail scam –

No green padlock? Beware!

Green padlock = OK!

Read the story here – http://www.express.co.uk/…/Google-Chrome-users-warned-simpl…