Your Messenger Buddy can steal your password !
Always think twice or three or four times before giving out your password anytime you visit a site through a link given to you from any type of source, be it email, messenger, sms, or anything.
I recently received an instant message from one of my messenger buddies asking me to check out some pictures… (duh… this should’ve been clue #1). I would normally be extra cautious when I get these kinds of messages through emails. This time, however, the message comes from an instant message from a messenger buddy and I didn’t know you could get phished this way.
I didn’t think twice and clicked on the link. It asks me for my username and password, and like an obedient servant I did, only to realize that I’ve been phished once I found random pictures on the site.
Below is the what little information I can gather by doing a whois on the phishing site:
WHOIS information for: cefcell.com:
[whois.enom.com] =-=-=-= Visit AboutUs.org for more information about cefcell.com AboutUs: cefcell.com Registration Service Provided By: NameCheap.com Contact: support@NameCheap.com Visit: http://www.namecheap.com/ Domain name: cefcell.com Registrant Contact: TST Management, Inc Jeff Fisher () Fax: Edificio Magna Corp. 5th Floor, Office 511 Ave. Manuel Maria Icaza y Calle 51 Panama City, Panama 0000 PA Administrative Contact: TST Management, Inc Jeff Fisher (tstmanagement@gmail.com) +507.2021577 Fax: +1. Edificio Magna Corp. 5th Floor, Office 511 Ave. Manuel Maria Icaza y Calle 51 Panama City, Panama 0000 PA Technical Contact: TST Management, Inc Jeff Fisher (tstmanagement@gmail.com) +507.2021577 Fax: +1. Edificio Magna Corp. 5th Floor, Office 511 Ave. Manuel Maria Icaza y Calle 51 Panama City, Panama 0000 PA
In any case, please be extra careful with your passwords and always double check with the source, especially when the message seems generic and lacking specific information.
When in doubt, you can also check if a site is a phishing site by visiting https://www.phishtank.com/. If the site is found there, then it is a phishing site. If not, then it may or may not be a phishing site. In my case it didn’t show up because apparently they created a new page for each potential victim by using the victim’s first name as a subdomain.
