Your Online Security: Don’t forget to look at where you are

While many aspects of your online security are out of your control (hackers breaking into your bank, a website that you shopped at previously, etc.), a few are within it.

You have been repeatedly reminded to choose strong passwords and not to click on links in email. I’m here to remind you to also read the URLs of sites that you end up at. Phishing schemes are getting very good and they (along with other coincidental situations) can get even the best of us.

Here is how I came to give away my Twitter login this week:

First, let me say that I am rarely on Twitter. I mainly use it for #bashtagging. Last week I needed some customer service from a company and discovered that they have moved their support from email to Twitter. Fine. I asked my question and waited for the answer. A day later I wondered what had happened and checked my junk mail folder–there it was.

Clearly the easiest way to have a conversation is to have these notifications come to my inbox and for me to click on the link to reply. After a couple of training clicks in Apple Mail the flow started working.

Shortly after this hurdle was removed, I received another message from a friend via Twitter using a perfectly matched Twitter template. Real logos, real and proper use of English, etc. Not thinking much of it, I clicked the link and was taken to a perfect replica of a Twitter login page.

I did not question that I had to log in because I had an incognito browser window open at the time which I was using to compare the logged-in version of a website to the anonymous-visitor version. When you are running an incognito window it does not use any of your saved cookies and you will be asked to log into websites you visit, even if they allow persistent cookies.

Since I was in one of those rush modes I typed in my login and it failed. I looked at the address bar (which I do 99.999% of the time) and lo and behold, it was not, it was, harborers of spam and god knows what else. Fuck.

So I got to spend the evening double-checking all of the logins for all of my online services and make changes as needed so these guys don’t get to be me.

While many ISPs will probably have this domain blocked soon enough, the takeaway lesson is: The Internet is kind of like New York: one wrong turn and you can find yourself very quickly in a bad neighborhood. Make sure to read the street signs as you go.