This is the second time I became a target of phishing.
The first time, I accidentaly logged into some stupid webpage that told me I could get questions related to c++. I lost my password and I took considerable amount of time guessing the answer to my secret question before regaining the password. And today, someone made another attempt at fooling me and I did get fooled for a minute.
Here are the chats.
sushmitha_sanyam is not in your Messenger List
Use caution in corresponding with people you don't know and never share confidential or private information with them.
Report as Spam
sushmitha_sanyam: hey
thej172000: yes?
sushmitha_sanyam: do u like sachin?
thej172000: the cricketer?
sushmitha_sanyam: yes
thej172000: used to. why?
sushmitha_sanyam: i made a blog on his name and wrote a couple of articles
sushmitha_sanyam: want somebody to comment on it
thej172000: okay. and you would be who?
sushmitha_sanyam: oh
sushmitha_sanyam: dont you recognise me?
sushmitha_sanyam: we spoke a couple of weeks ago
sushmitha_sanyam: i was looking for theja from blooms school
sushmitha_sanyam: i found you on yahoo search
thej172000: oh! yea i remember. but i said i wasn't that theja right?
sushmitha_sanyam: yeah
sushmitha_sanyam: but i just didn't see the need to delete you
sushmitha_sanyam: and i see you online now
thej172000: hmm. okay.
sushmitha_sanyam: http://google-pages.110mb.com/sachin-unplugged.html
sushmitha_sanyam: thts d one
sushmitha_sanyam: comment on my articles
thej172000: i am not able to login
sushmitha_sanyam: wht happened?
thej172000: i don't knw. it keeps asking for pwd again and again.
sushmitha_sanyam: hmmmm
sushmitha_sanyam: did u try the link i gave?
thej172000: please tell me you didn't give me a phishing site.
sushmitha_sanyam: what is that?
thej172000: whats ur gmail user id?
sushmitha_sanyam: sushmithasanyam2006
BUZZ!!!
sushmitha_sanyam: what happened?
thej172000: why did u name ur site google-pages?
sushmitha_sanyam: bcoz it is google pages
thej172000: its 110mb domain right?
sushmitha_sanyam: yea
sushmitha_sanyam: so?
thej172000: i feel something is fishy..
sushmitha_sanyam is typing a message.
sushmitha_sanyam: wht do u mean?
thej172000: why does 110mb need google password?
thej172000: and that page isn't looking like the standard google login page.
thej172000: so its a phishing site after all..
thej172000: what do u ?
thej172000: *what do u do?
thej172000: hello mr/miss sanyam? are u there?
thej172000: why are u interested in tricking people into giving their passwords?
thej172000: this is a cyber-crime and you can be reported.
thej172000: do you want that to happen?
thej172000: reply ....
BUZZ!!!
So here is what happened. I fell for the trick and entered my google credentials without a second thought. But I couldn't login(Thankfully) and when I couldn't login the second time, I noticed that there was no ForgotPassword link. The usual google logo that comes in the addressbar when you enter any google webpage was also missing. I immediately changed my password. Then I tried to casually ask for the girl/guy's gmail id which I got.(I still haven't verified it's authenticity). I reported both the webpage to both IE and Mozilla. I wish I could do something more about this. (Yes, I am pissed off on being tricked twice).
I want all my readers to do this thing.
Send a message to this guy telling him that what he/she is doing is wrong.(In pure Gandhigiri style).
Just a simple 1 line message. Also report the site.
A few tips on saving yourself from being targets.
1. Get the latest updates on your browser.
2. Be careful whenever you enter your credentials. Just take a careful look at the link, the page(logos, format etc).
3. If you are suspicious, do the following. Open a page that belongs to the correct domain and login. Then, copy paste the link in a new tab in the same browser window and press enter. If it belongs to the same domain, you will be logged in automatically.
For example, I could have opened gmail.com and then opened this site in a new tab and noticed that I don't get automatically logged in.
4. Always report phishing sites if you find one.
5. Have a backup mail id in case you lost your password. Make your secret question a true secret.(One of my friends secret question was - Which is your favourite team? Bah! Any indian would guess that). But don't make it so tough that you forget it yourself.
6. Have one mail id that you never use only to be the back up mail id. In case you forget or loose any password, then a new one will be sent to that mail id on request. Donot use this mail id for any other purpose.(I do this way).
And guys, after sending a message to this person and reportint this webpage, please let me know that you did that. It would make me happy.
