oldgeek
Well-Known Member
- Joined
- Aug 25, 2021
- Messages
- 69
There has been reports of a large number of Phishing attempts going around, particularly on sites that have or are using Sinfle Sign On. Hackers have apprently been catching an abnormal number of people with them either directly when they surf the web or using email with the same thing displayed in the email.
Unlike the majority of sign on's that use a text message, a phone number or other methods as a three stage sign on, these just have a name and password or sign in with your Google, Facebook, INstagram or whatever. As you suspect, they catch the persons password and then the game begins. The unfortunate part about this is it more easy in Chrome then other browsers. They are able to exactly duplicate whatever site logon screen maybe, even down to the URL. Not unusual to duplicate the signing in but to duplicate the URL is surprising. SSL sites are even involved and the best way to check any SSL site to see if it is valid is to do the following:
Look for the lock symbol in the address bar and click on it
Then click on the words "connection is secure" ( you may see it says it is not valid) do not go any further and leave the site
once you have done that, click on the words "certificate is valid" (at this point you may even see it is not valid.)do not go any further and leave the site
If the final step is successfull it should providew the certicate information and the period for which it is valid
Be careful out there folks (as one TV show use to say)
OldGeek
Unlike the majority of sign on's that use a text message, a phone number or other methods as a three stage sign on, these just have a name and password or sign in with your Google, Facebook, INstagram or whatever. As you suspect, they catch the persons password and then the game begins. The unfortunate part about this is it more easy in Chrome then other browsers. They are able to exactly duplicate whatever site logon screen maybe, even down to the URL. Not unusual to duplicate the signing in but to duplicate the URL is surprising. SSL sites are even involved and the best way to check any SSL site to see if it is valid is to do the following:
Look for the lock symbol in the address bar and click on it
Then click on the words "connection is secure" ( you may see it says it is not valid) do not go any further and leave the site
once you have done that, click on the words "certificate is valid" (at this point you may even see it is not valid.)do not go any further and leave the site
If the final step is successfull it should providew the certicate information and the period for which it is valid
Be careful out there folks (as one TV show use to say)
OldGeek
