This time, I'm going to go over something that's absolutely rampant on today's warez forums:RapidShare account phishing.
Fear not!. I have few guides to find whether its a phishing link or gentle link. After you read this guide I can promise will make sure you don't get your account stolen/phished, and I guarantee a 100% success rate. Ok guys now lets war with phishing witch.
So first off. Let's analyze what exactly phishing is. Phishing (pronounced "fishing") is the process by which someone makes a complete visual copy of a website and puts it up on a different server( anyone can access it like a regular website), so that unsuspecting users not paying close attention will input their personal data, which gets sent to the scammer. This is commonly used on banking/credit card/PayPal-like sites, in which someone logs into to what they think is the real site, but their details are sent to the scammer. These people don't suspect anything, because once the scammer has the login credentials, he can have his phished website redirect the person to the real site, and have them automatically logged in using the credentials he just stole. It's an ingenious idea, but is utterly dangerous and very angering to us unsuspecting users. The biggest flaw of RS that scammers exploit is the ability to be logged into an account from multiple computers. I'll explain more as to how this related to RapidShareas we go on.So, now that you know what phishing is, here's the ways you can successfully fight it.
Phishing Techniques:
- Social engineering -It is so pervasive that even corporate and government sites are actively informing their users on the issue
- Link manipulation -By the way of fake links. (like RapidShare)
- Filter evasion -Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails
- Website forgery- By javascripts shows you to same asorigina website (like RS)
These are the 4 comman way of phishing in internet. Most of the RS accounts get stolen by Link manipulation & WebsiteForgery
To avoid:
1. Lock Your Account (Not, Really):
This will do
2. Set Your Account Up To Directly Download:
What does this mean? It essentially means that you don't go through the screen that asks you if you'd like to download as a Free or a Premium user. This shows up by default, whether or not you're logged in as a Premium user. You've all seen it, but here's a quick screenshot of what it looks like, just so you know which page I'm talking about:
Here's a few visual examples of real and fake links. Fake (These were taken from actual phishing links. Although the URL's are obviously wrong, don't scoff at people for falling for it. The screen they saw at this URL was the exact same as the Free or Premium Download page above. Would you have spotted the difference if you weren't looking at the URL? Source for links: KATZFORUMS Recycle Bin)(Image source katzforum)
If it still shows the screen but it's a genuine RapidShare link, then it's a possibility that you logged out. Log back in. When you log in, RS saves a cookie on your computer to tell the site that you don't need to log in as you've already provided the correct credentials. So your login informaton is saved every time you login into you account. This can be danger so you should logout your account and make sure your cookie is deleted. Now a days many browsers gives option "show cookie" so you can find your rapidshare account cookie whether deleted or not.
This will:
* 100% absolute fool-proof way to avoid being phished
* Makes it even easier to download from RapidShare by removing that intermediate step of having to pick which download type
3. Keep an Eye on Your Traffic Logs!
RapidShare has given you many tools to watch for abusive activity on your account. One tool is an IP Logger found in "Premium Zone>View Logs", which logs the IP Address of the downloader each time a file was download on your account. So how can this help you? It's all numbers to you, right? Doesn't make sense? Fear not! Essentially, what an IP Address is a household-specific address that identifies your internet connection. It's kind of like a family name that identifies who you are. Each computer has their own IP provided by their ISP. All you have to do is use a free web service to find out what your IP Address is. I personally prefer
www.WhoIS.com
Write that down, and compare it to your traffic log. Each time you see that same number on your log, it means the download came from your computer. If you see an IP that doesn't match the number you wrote down, it can mean one of two things. One, it could mean you downloaded something yourself from a different computer in someone else's house/work. Two, it could also mean somebody has already compromised your account and has been using it to download for themselves. How can you tell the difference? Use the site mentioned above, and paste the unknown person's IP into the box. and click "Lookup IP Address". You'll get a pretty decent explanation as to where the person's IP is based, such as Country/State/City, so if it's at someone's house you know or is at work, you know it was you. If it isn't either and is from some place you know you've never even been too, it means your account has been compromised and is being used. Use that information as well as the information from the IP Lookup to report it to RapidShare for fraudulent
use.
This will
Do Get Maximum Projection
- Don't Save Cookies Of Any Premium Accounts In Ur Browsers.(that is "save password" in browsers) Because some throjan horse programs can get your browser data's so becarefull
- Dont get hurry up to download games! first check url before click on it.this takes few moments.
- If the link is look like subdomian's don't use that link.Always keep distance this type of links
- If you dont like download managers for downloadings, keep two browsers one for downloading another for browsing.
- Every time you finish your downloading dont forget to clear your private browsing
What do you think about this post?
Comments are welcome…
awesome guide thanks
ReplyDeletewat about javascript phishing...
ReplyDeletedo you know java script can do phishing easily!
Yeah java script can make fake address bar and status bars also.
ReplyDeleteBut you have an option "disable javascript in major browser" (like safari) in internet browser make your security level to medium-high or high to disable javascript on browser
Use two browser one for Browsing another for rapidshare(java disabled browser).