Fake Logins and How to Avoid Them

Trick logins and how to avoid them

Do any of you buy or sell on eBay? Do you have an account with PayPal? Maybe you have had your MySpace account hacked. A friend of mine on here had her MySpace account hacked, but I don't know how it happened. I know one way people manage to hack accounts is by false logins from emails. You might get an email from eBay regarding feedback or a dispute, yet you may not be buying or selling anything at the time, so there's an obvious hack right there. But what if you are buying or selling? How do you know it's real? I'll show you how using an eBay account as an example.

Whenever you get an email message from eBay in your emailbox and you want to check the validity of the message, DO NOT LOG IN BY CLICKING ON THE EMAIL LINK! If you click on the link it will take you to a page that looks similar to eBay, but it's not a valid page. It's not until you log in with your username and password that you're basically sending the hacker your information. Unless you write to eBay or PyPal about a lost password, those companies like many others will NEVER send an email requesting for your login and password, whether by a fill-in form or by clicking a link. Here's what to do instead:

Let's say that you see the suspected fake letter from eBay in your emailbox, open up a new page in your browser and go to eBay. What you do then is login on the real page, then go to "My eBay" and see if the same message appears in the real eBay account as your email says it does. If there's no email in your eBay mailbox that's the same as your normal email box, then the current one in your regular emailbox is a fake and you can delete it (or take a few minutes to report it which is always helpful to others). If the message in the eBay mailbox is the same as that from your regular emailbox, then it's the real deal. Keep in mind that anyone can go into someone else's account and keep trying logins and passwords until they find one that works, but the majority of secure sites only allow a limited number of password tries until it shuts you out for a predetermined period of time. BUT, also remember that as long as the human element is involved, nothing on the internet is 100% secure.

Ok, so what if you screwed up and accidentally logged in by clicking on the email links? If you catch it quick enough there's still a chance to save it. Again, let's use the eBay example. What you can do is go to the real eBay and use the same login you've always had. From there you should be able to go into your account information and change the password, FAST! I know it may be difficult but the best practice is to keep passwords for all your visited sites (that require a login and password) different from each other. This way if a hacker gains access to one site, chances are that they will be unable to get access to other sites you visit if the passwords are different from each other. I'm sure you've been told to use a combination of letters and numbers, which always helps. But it's also helpful to make long sentences or phrases while throwing in an odd number or symbol somewhere in the password to throw potential thieves off track. How does the saying go, "A stitch in time saves nine?". It's also helpful to change your passwords from time to time as well, even though I feel it can lead to forgotten passwords if changed too frequently and not written elsewhere.

This also works for MySpace, banking sites, and others. Some sites I visit require a login and password to post messages in the forums, and I'm not too concerned about those getting hacked. It's the big sites such as eBay, PayPal and my banking website that I protect by having long passwords with combinations of upper- and lowercase letters and numbers representing letters.

Another way of checking the validity of a possible spoof email is using the cursor. On most web sites when you move the mouse over a link, the arrow turns into a hand with a pointy finger, but the status bar (if you have it turned on by having the check mark next to it in your browser menu) will show the URL of the page or site that you'll go to when you click on the link. You don't have to be a computer scientist to realize that you won't go to eBay when the status shows something like "www.computerama.co.uk/login/" when your cursor is over the link to eBay or to the eBay login. Be careful of some hyperlinks though as they might have a lowercase "L" in their name. So if you see a link for PayPal, if you were to capitalize all the letters in the hyperlink, it might come out as "WWW.PAYPAI.COM", with the ""L" being an uppercase letter "i".

If you're using an application such as the Mail app on a Mac or Microsoft Outlook on a PC, there's no status bar available (to my knowledge), and the only type of indicator shows the status of sending and retrieving mail and such. I have email accounts with Netscape and Fastmail.fm, and I get both of them from my mail application on my Mac. However, sometimes I pop in to the AOL mail page (which took over the Netscape mail) and the www.fastmail.fm page on the web, and I can then see the status bar and where those unknown links will take me. I hope this helps everyone.

- Eric Buczynski

Back to Home