We Don't Need to "Phish" For Your Username and Password
admin Recently, one of the members of this site (who has since had their accounts removed) abused their privileges and sent out the following message to a number of you:"Note from the Owner of this Website (Randy turner) we are asking every user on this site for their password so please reply the operator your password, and thank u for your time. Note: We are having some difficulties with our program, Note: Nothing will harm your Account, Username, and Password"
Most people who received this message realized that it was just a poor attempt to hack their accounts, but a few gave up their passwords. We have deleted all of these messages and have been monitoring the accounts where members did supply their passwords. There doesn't appear to have been any harm done, but we still feel this is a good opportunity to point out one of the most important tips for staying safe online – never supply personal information via e-mail (or in this case, personal messaging services).
Having your username and password compromised on TheTopTens is a minor inconvenience. After all , what' the worst that could happen? Someone adds some goofy stuff to your profile page and submits comments that do not reflect your opinion? But if someone had used the same type of "phishing" trick to steal your banking information, credit card numbers, PayPal login, etc., the consequences could be much worse.
Below is an actual example of an e-mail that was used to steal people's PayPal account information (see screenshot here):
"Information Regarding Your account:
Dear PayPal Member!
Attention! Your PayPal account has been violated!
Someone with ip address 86.34.211.83 tried to access your personal account!
Please click the link below and enter your account information to conform that you are not currently away. You have 3 days to confirm account information or your account will be locked.
Click here to activate your account
You van also confirm your email address by logging into your PayPal account at http://www.paypal.com/ Click on the "Confirm email" link in the Activate Account box and then enter this confirmation number: 1099-81971-4441-9833-3990
Thank you for using PayPal!
The PayPal Team"
When someone receiving this e-mail clicks on any of the links (even the one that says www.paypal.com), they are sent to a webpage that looks exactly like the PayPal loging screen but is owned by the scammers who sent the e-mail. The username and password they type in on that page is collected by the scammers and then used by them to log in on the real PayPal site and take their money.
Millions of people get tricked by e-mail messages like this, but by following a few simple rules you can avoid becoming one of them. Never click on links in e-mails and never supply sensitive personal information via e-mail. If you receive a message like the one above that you think may be real, contact the company behind it directly. Instead of clicking the PayPal link in the e-mail, open a new browser window (Internet Explorer, Firefox, Safari, etc.), go directly to the PayPal site. If you receive a notification that your bank needs to "update" it's records or that your bank account has been compromised, contact your bank directly.
Usually, if you think things through, you can pretty easily detect a phishing scam. In the case of the attempt to steal information from our members, most people realized that it was a fraud because in order to log into TheTopTens, we have to have be able to verify your password. And since you have to be logged in to see your messages, it would be pointless for us to send a message to members asking for their passwords because there would be no way for them to view it.
Rest assured, we will never ask for your personal information via a personal message or e-mail. In addition, we recently added an option to allow or disallow other members of TheTopTens to send you personal messages via your edit profile page. Please note that when disallowing personal messages, you may still receive messages from site admins notifying you of blog comments, submitted list statuses, and others.
And, by the way, nobody here is named Randy Turner.
Comments
nobody is named randy turner except the creator of this cool website;operator who is: randy turner - powerpufflover
why don't you make bffs with operator and see what his name is - powerpufflover
There is no Randy Turner working on this site, I'd know. The person behind the username Operator is just a punk who tried to steal passwords from some of the members of this site including powerpufflover. No point on trying to "make bffs" with someone we don't care to associate with. Besides, since Operator already had a profile on the site, I'm pretty sure we know what his name is already - and no, it's not Randy Turner. - admin
Oh, thank dog. - booklover1
go on to my account - powerpufflover
as stated above it said atleast nothing will harm everyone's accouts including operator - powerpufflover
Yes, he said nothing will harm your accounts but he also said we are having difficulties with the site, which we are not. So why would you believe him when he says nothing will happen to your account?
I see that you are 10 years old according to your profile so I'll try to make things simple:
1) Operator lied to you.
2) Operator (aka Randy Turner) is not an owner of this site.
3) Don't believe everything you read. - admin
Im glad i reported this guy to the admin :D - dragon13304
You were the one to report him? Thank you. A lot of users should be very grateful. - visitor
son of a bitch! im a noob to the site (so dont give me heat). thank christ that nothing happened to my account. whew - fireinside96
Yeah you are lucky. I hope one day I'll be able to join and stuff, but I just hope that I won't get hacked or anything. Thanks for the warning about this kind of stuff. - visitor
Who the hell would do this....well yeah it was a nice idea but it's WRONG!!!!!! - SmoothCriminal
right ppl need to get a lyfe - kaybricks15
never should it happen
- mcIGoChop
That's horrible - visitor
What was this idiot thinking what the hell could you possibly do with anyone's account. " someone said that I hate Pikachu I'm so afraid! NOT. One comment isn't going to hurt anybody. - Pikachulover1
I don't believe Randy Turner - nothingbutcool