The criminals are getting more clever by the day. This time they almost fooled me. I was tired and in a hurry and I got an official looking email from Twitter (and we get quite few) that said, “Hey someone is saying really bad rumors about you… bit.ly/XXXXXXX” (the link has been changed to protect you). And this came to our @cloud8 twitter account.
I couldn’t figure out who’d saying really bad things about me — but I sure thought of some rumors about EB that would be juicy…
But anyway, being the valiant one, I didn’t want anyone spreading rumors about EB (even if they were true) so I clicked the link to read the message online — and was, as expected, presented with a Twitter login box — except LastPass wasn’t automatically signing me in as it usually does. I thought perhaps LastPass was being uncharacteristically remiss — then it hit me — I was almost duped into giving away our @cloud8 password to a bunch of stupid crooks. I looked at the address bar of my browser and sure enough it showed http:// tvvitiler.com (Don’t go there) – and not https://twitter.com/ as it should have been. I skedaddled out of there leaving EB to protect her own tarnished reputation.
Above is a screen shot of the fake Twitter message – some information was intentionally obscured to protect the person whose Twitter account was hijacked.
If not for LastPass — I’d have blindly fallen for a phishing scheme because I was tired and careless. Just because it looked like a Twitter message – and the return address was forged to @twitter.com ) I blindly clicked the link to reply to the person who supposedly sent the private message to @cloud8.
I’ve been working with computers for 17 years now — and I am aware of almost all of the tricks. But I almost fell for this one. The moral of the story is — anyone can be tricked. Be careful. Be wary.
I am happy to hear you caught that one in time! That is the main reason I absolutley do not do Twitter or any social networking site. I would rather be safe than sorry. I almost got caught on Facebook. It is an evil world out there for the carless!
Another great reason to use Last Pass. It isn’t fooled by fake addresses. I have got where I even log into my credit card accounts through my LastPass vault. I know then that I am really going to the correct site. Thanks for taking care of us.
Thanks for sharing this TC. Proves even the “brilliant” can be fooled. (OK you can stop taking bows now. And yes, you can stop the “ta-da’s, too.)
I use RoboForm on one machine, and LastPass on the other.
I log into just about everything with one or the other.
And often prefer them over “favorites”, when I can, to even take me to a site’s log-in screen. What a great protection against phishing scams when you have all the sites using log-ins safely entered in one of these two programs. I am often tired and rushed, and at times like that it’s easy to get caught off-guard.