Alert: RapidShare Phishing

There has recently been a spate of RapidShare phishing, and to thwart this, us webmasters need to work together to reduce the risk to our users and ourselves.

The mains ones at risk are forum sites and blog sites that accept comments.

In your censorship options/word filter, please add the following phrases:

Quote:

dn.vc/
.110mb.com
tinyurl.com/
lix.in/
12gbfree.com/

Thank you very much.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Phishing Links are usually hidden in:

Code:

lix.in

protection links. This is what one looks like:

Code:

http://lix.in84e270

When you get to the "Fake" Rapidshare site, here is how to tell whether its phishing or not.


Look Below the Premium and Free Buttons, Wheres the Encryption information Box?

And then when you click on premium, regardless whether you have Direct-Downloads is on or not, you get asked for your login.


Once again, Where is the Encryption Information Box?

Then, I have entered in some fake login information and what do you know?


This basically means - I have got your Rapidshare Premium Account, Thankyou!

Quote:

Quote:

Rapidshare Phishing, for those of you that don't know, is a fake Rapidshare web site. It is made to steal your account information and to steal your credit card (or any payment method) if you decide to sign up for a premium account.

The login page at rapidshare.com uses SSL-protection with the following Encryption Protocol: TLS v1.0 256 bit AES (1024 bit RSA/SHA).
A phishing site in 95% of the cases, doesn't use encryption, for "plain text" password procurement.
There are 2 easy things that make the original login page of rapidshare https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi

genuine:

• The URL contains "https://", not "http://" Most information is transmitted in clear text so that anyone can read it. HTTPS defines a method for encrypting messages so only the recipient can read it. HTTPS stands for Hyper Text Transfer Protocol Secure (or with SSL - Secure Socket Layer) and represents a TCP/IP protocol that is used by World Wide Web servers and Web browsers to transfer and display hypermedia documents securely across the Internet.
• The digital certificate.

1. For Firefox users, the whole address bar turns yellow and a small lock appears in the right of it, and in the right bottom of the window.
2. For Opera users, in the address bar appears a yellow space wich contains a small lock and then the name of the certificate: "RapidShare AG (CH)"
3. For Internet Explorer users, in the right bottom of the there's a small yellow lock which shows us that a certificate is present.
4. For any other browsers, search for a small lock either in the address bar, either at the bottom of the window.

Of course, advanced hackers can create fake certificates to trick users, but almost every browser is able to detect fake or suspicious certificates. (Issuer name missing, for example). Scammers can also configure their web server so that deceptive SSL certificates won't trigger an alert in the user's browser. "One of the SSL encoding methods is "plain text". Most SSL servers have this disabled by default, but most browsers support it. When plain text is used, no central certificate authority is consulted and the user never sees a message asking if a certificate should be accepted (because 'plain text' doesn't use certificates). Keeping that in mind, the little lock icon may not even indicate an encrypted channel. The little lock only indicates an SSL connection." A technique called visual spoofing offers another method to present a "lock" to visitors on a Scam phishing site. The technique alters the user interface of the web browser, substituting images for parts of the browser interface that would normally help users detect the fraud. Javascript links launch a new browser window without scrollbars, menubars, toolbars and the status bar - which allows the scam artists to substitute a fake status bar containing the URL for a legitimate site, along with an image of a "lock" indicating a secure SSL site.

But then again, some have created a way to make the certificate popup box look genuine, so the best method would be to check the ssl (https://). This is not limited to just Rapidshare. Any of the upload sites can be made into Phishers. If you suspect you have entered your info on one of these sites...PLEASE change your password immediatly. Only you are responsible for your actions if you fall for it. Just like anywhere else on the net, you HAVE to be carefull. Always a scammer looking for prey.

This is one reason why we don't allow live links to be posted. It's for your protection as well as ours and as a community. If you suspect a Phishing link, please report it with the word "phishing" and it will be looked into. We as a community, have to keep aware of these thieves and stay on top of it. One day it could be your account that has been stolen.

TIP: If your on your own private computer, try to stay logged in all the time and have "direct downloads" enabled in your account options. That way if you go to a Rapidshare link page and it asks you to put in your login info after you click "premium" choice to download, it is a fake.

[neil053]

Thanks for the info. I never trust any link which is not a direct link. If it doesn't say rapidshare i don't use it.

[givingriver]

thx bro really nice information i was stolen 3 times i hope u find any way which protect our cookies to from cookies grabbing and really apperciated for this good job

[nielsole]

Thanks for info....
Just get the fake site public so everyone knows.
since i'm new to this forum, I great all off you.
I know you all do a great job and I really appriciate it.
Hope I in time can contribute.

nielsole