First of all, thanks to miesomn @ pornbb for this wonderful tutorial.
Fake RapidShare Pages & Account Phishers!
What is phishing?
Phishing is a fraudulent attempt to steal personal information. The best way to protect yourself from phishing is to learn how to recognize a phish. Phishing attempts usually appear to come from a well-known organization and ask for your personal information, such as credit card number, social security number, account number or password.
In order for internet criminals to successfully "phish" your personal information, they must get you to go to a website and enter your information. Phishing will almost always tell you to click a link that takes you to a site where your personal information is requested. Phishing pages will steal your RapidShare account.
The first thing to look for when trying to spot a phishing page is that most phishing URLs are masked by link-protecting sites and URL-shortening sites. For example, the address (remove spaces):
http://lix.in/-5aad4e
will lead you to hotbb's index page.
This is mainly used to hide the actual site the phishing page is hosted on.
Some sites like this are (remove spaces):
How to spot a phishing attempt?
Some screenshots from fake RapidShare pages

Log In :

Premium Zone :
In the Premium Zone, remember to check the URL "https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi".
There are a couple of ways to avoid phishing.
The first is to look at the source of the page. If it's different from the usual "http://rapidshare.com/files/...", beware.
Secondly, if you enable direct downloads via your rapidshare premium account settings, this setting will bypass the need to access the above pages and automatically download the file.
Also be careful what you click, because fuckers are also hiding fake links like this:
http://rapidshare.com/files/12345/EXAMPLE.rar
How to avoid phishing attempts?
As stated above, one of the ways to avoid phishing pages altogether is to enable the direct download feature, so if you get asked for your username and password with this setting enabled, the link you have just tried to download is most likely a phishing attempt.
Another way to download without risk of being phished is to use a download manager such as FlashGet, RapGet, JDownloader, IDM and so on. These applications require the direct download feature to be enabled in order to let you download from RapidShare using them.
Also, RapidShare have introduced a new feature called the security lock. It is a very good and wise idea to enable this option, as it primarily stops people from changing your password and thus stealing your account.
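The hidden fake links and link-protection masking described above can be checked mechanically before clicking. This is an added example, not part of the original tutorial: it parses a post's HTML and flags any link whose visible text shows a rapidshare.com address while the real target is another host, or whose target is a link-protection site. The sample post and the host evil.example are constructed, and the protector list holds only the one site the tutorial names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

GENUINE = "rapidshare.com"       # domain named in the tutorial
LINK_PROTECTORS = {"lix.in"}     # the one masking site the tutorial names; extend as needed

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none or is malformed."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:
        return ""

def is_genuine(host):
    return host == GENUINE or host.endswith("." + GENUINE)  # "rapidshare.com.evil.example" fails

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []               # (href, reason) pairs
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)      # collect the text the reader actually sees

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        target, shown = host_of(self._href), host_of("".join(self._text))
        if target in LINK_PROTECTORS:
            self.findings.append((self._href, "real target masked by a link-protection site"))
        elif is_genuine(shown) and not is_genuine(target):
            self.findings.append((self._href, "text shows rapidshare.com, link goes elsewhere"))
        self._href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample post; evil.example is a placeholder host.
SAMPLE = """<a href="http://rapidshare.com/files/12345/EXAMPLE.rar">http://rapidshare.com/files/12345/EXAMPLE.rar</a>
<a href="http://evil.example/login.php">http://rapidshare.com/files/12345/EXAMPLE.rar</a>
<a href="http://lix.in/-5aad4e">Download here</a>"""
```

Calling `audit(SAMPLE)` returns the second and third links with their reasons; visible text written without a scheme (no "http://") is not compared by this sketch.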
What do I do when I see a phisher?
The easiest thing to do is report the topic, if you happen to come across a topic here with phishing links in it.
Report, using the button (top right corner), and reply warning other users, so they won't enter their details and lose their accounts.
I have been phished, now what?
If you happen to have been phished, the only method of getting your RapidShare account back is sending an e-mail to RS's support.
More info here:
http://rapidshare.com/support.html
After contacting RapidShare's support team, they should supply you with a new password for your account and you can get back to downloading.
Signs of possible phishing sites:
- Most of the time, they are hidden behind link-protection sites. Also, if you are brought to a RapidShare login, check the link and make sure it's the correct RapidShare login URL. If you're not sure, for extra safety, go back to the RapidShare homepage and, if you're not logged in, log in there so you know you're at the correct page.
- On RapidShare, there is a fairly large medallion. If you think a site may be a phishing site, the fastest way to check is to see if it has this logo:
If it does have the logo, move the mouse over it. It should take a second (the page does a quick refresh) and you should see a box similar to this (the only difference would be the time).
If you do not see that box, or it says something like "No Data Available", it is a phishing site.
- A more technical solution: The login page at rapidshare.com uses SSL protection with the following encryption protocol: TLS v1.0 256 bit AES (1024 bit RSA/SHA). In 95% of cases, a phishing site doesn't use encryption, so passwords are procured in "plain text".
There are more ways to find out whether a specific page is phishing or genuine. You can resolve the DNS name of the original page to an IP and compare it with the IP of the suspicious page. You can also whois the IP to find the range of RapidShare servers and then see whether the IP of the suspicious page is in that range, and so on.
Of course, advanced hackers can create fake certificates to trick users, but almost every browser is able to detect fake or suspicious certificates (issuer name missing, for example). Scammers can also configure their web server so that deceptive SSL certificates won't trigger an alert in the user's browser.

"One of the SSL encoding methods is "plain text". Most SSL servers have this disabled by default, but most browsers support it. When plain text is used, no central certificate authority is consulted and the user never sees a message asking if a certificate should be accepted (because 'plain text' doesn't use certificates). Keeping that in mind, the little lock icon may not even indicate an encrypted channel. The little lock only indicates an SSL connection."

A technique called visual spoofing offers another method to present a "lock" to visitors on a scam phishing site. The technique alters the user interface of the web browser, substituting images for parts of the browser interface that would normally help users detect the fraud. JavaScript links launch a new browser window without scrollbars, menubars, toolbars and the status bar, which allows the scam artists to substitute a fake status bar containing the URL for a legitimate site, along with an image of a "lock" indicating a secure SSL site.
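The DNS and whois comparison mentioned among the technical checks above, as an added example that is not part of the original tutorial: it resolves both names, then reports for each address of the suspicious host whether it matches the genuine host and whether it falls inside the whois range. The addresses are constructed documentation-only values, not RapidShare's real ones, and suspect.example is a placeholder.

```python
import ipaddress
import socket

def parse_whois_range(value):
    """Turn a whois range ('a.b.c.d - e.f.g.h' or CIDR) into a list of networks."""
    if "-" in value:
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(value.strip(), strict=False)]

def resolve(host):
    """All addresses the name currently resolves to (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def compare_hosts(genuine, suspect, whois_range, resolver=resolve):
    """Compare every address of `suspect` with the genuine host and its whois range."""
    networks = parse_whois_range(whois_range)
    genuine_ips = set(resolver(genuine))
    report = []
    for ip in resolver(suspect):
        addr = ipaddress.ip_address(ip)
        report.append({
            "ip": ip,
            "same_as_genuine": ip in genuine_ips,
            # An address of the other IP version is simply "not in" the network.
            "in_whois_range": any(addr in net for net in networks),
        })
    return report

# Constructed lookup table standing in for DNS so the example runs offline.
FAKE_DNS = {"rapidshare.com": ["192.0.2.10"], "suspect.example": ["203.0.113.7"]}

if __name__ == "__main__":
    print(compare_hosts("rapidshare.com", "suspect.example",
                        "192.0.2.0 - 192.0.2.255", FAKE_DNS.__getitem__))
```

A large site can resolve to several addresses, so the range check is the more useful of the two results; an address outside the range is a reason to stop and not log in.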
What do I do if I find a person with a "phished" link, and what happens to them? - Report, Report, Report. Once reported we will remove the topic from public view and most likely the person will be BANNED. That's right, no warning, BANNED.
Is it only RapidShare phishers? - So far it has only been for RapidShare accounts, but that does not mean it's only for RapidShare. People will most likely phish for other popular uploading site accounts, so beware.
What happens if I get 'phished'? - We can only TRY to prevent it, but we are not responsible if you fall for it. If you lose your account, though, contact RS, MU, whatever and see what they can do. If you feel like you have entered your info in a fake site, CHANGE YOUR PASSWORD IMMEDIATELY!
Remember, we need to get rid of these guys as quickly as possible, and the staff are kicking it up a notch to take care of the reports as soon as possible.