Friday, August 15, 2014

Whatsapp Update Scam!

Just recently, another scam was found. The scam was asking you to upgrade your Whatsapp to a newer available version. Please read the pictures below.


 
What is happening was while using Facebook on the mobile, you get this pop-up message suddenly, and bringing you into a new page.

Let's be detective
 Look closely to the address bar again. We always check the Domain name. Domain name for this page is "dovelane.com", rather than the proper one "whatsapp.com". What is dovelane? If you do not know the source, do not anyhow click on the request they sent to you.

So, this is what happen when you click on something from an unknown source to you. 

Thanks for Facebook friend Leslie Chin, for sharing his personal story.

The following is the real and true official Whatsapp page that you should look into. "www.whatsapp.com".


Additional notes
You may be curious to know, if it is not from the real Whatsapp, why is there "whatsapp.dovelane.com" in the address bar?

That is what we called as sub-domain, apart from domain name itself. When we create a website, we need to register a domain name which is handled by ICANN, Registration of domain name has certain cost and charges.

However, subdomain is free. Once we have a domain name, we can have many different subdomain. For example like what you should have seen before, m.facebook.com, touch.facebook.com, and any name you can think of!

That's why, do not trust any website which its domain name is unknown!

Yup, that's simple as that:
  1. Always check the domain name.
  2. Never believe of what you see as the sub-domain. It can be any name.
Let's make the internet a safe place together. Happy surfing!

Wednesday, August 6, 2014

Facebook Hacker!

Do you know how a hacker hack your Facebook account?

It is simple: Ask your password directly from YOU.

Yes. YOU are the only ONE who can let the hacker hacks you, and YOU are also the only one who can stop them.

Here, I will just show you one of the example of how hacker actually "ask the password from you".

"我們從其他Facebook用戶收到的報告,在您的帳戶有任何可疑的活動。 您的帳戶涉及網絡釣魚或垃圾郵件, 冒充其他人, 使用捏造姓名。 您的帳戶將被停用。 如果該報告是不正確的,遵循下面的鏈接以驗證您的帳戶: https://apps.facebook.com/fb-system-security/?fb_suorce=facebook-security-system 如果3天之内您不验证您的帐户。我们很抱歉,您的帐户从系统中删除的Facebook。 很抱歉給您帶來不便。 謝謝, Facebook的安全團隊"

Sorry for the mandarin. Here's the translation:
"Your Facebook account has been reported by other users, claiming that you have carried out some suspicous activities. Your account has been used to send phishing websites and junk mails, and using fake sender name. Your account will be shut down. If the report is not true, please click the following link to verify your account: https://apps.facebook.com/fb-system-security/?fb_suorce=facebook-security-system If you never verify your account within 3 days, we are sorry, your account will be deleted from Facebook. We apologize for your inconvenience. Thank you. - Facebook Safety Team"
 Let's be detective now B-)
First, don't simply click any link sent by unknown user. Any link that you would like to click, hover over it first (put your mouse on the link but not clicking), and the "real address" will be there:

So you see a link, which is from "https://apps.facebook.com/.......". So far, everything seems to be normal.

Once you click it, this page occur:

 Beware! Look at the address bar. Once you click the link, you are redirected to this page: "interrogation-fb-problems.bugs3.com/...." Be careful, you are now NO LONGER within the Facebook. Because, Facebook will always have the domain name 'facebook.com', not "bugs3.com".

So far you are still safe, as long as you don't further proceed with anything. You are 'required' to type in your login email and password for your facebook. And, what's more, it asked you to choose the security question. Remember, DO NOT KEY IN ANY PASSWORD from here and on. Once you key in your correct password and click next, Oops! Your Facebook account will be gone, unless you are able to change your password before they make use of your account.

Yup, that's as simple as that. 2 steps to detect whether it is phishing website:
  1. Check the 'real address' at the bottom of your browser by hovering on the link, before you click the link.
  2. Once you clicked the link, check the address bar to see whether you are still in the same page.
 So, please be careful, Facebook users. Have a nice day!

P/S: Facebook will never use chatbox to ask your verification. If you are being reported, you will be notified by Notification rather than Message.