xat - Get Connected...
Login   News   Wiki   Help   Support   Language  
 
Wiki   Suggestions   Glitches   Forum   Help   Trade   Support   Search

Phishing

From xatwiki

Jump to: navigation, search


The español (spanish) version of Phishing wiki is located at Español Phishing
Türkçe (turkish) version of Phishing wiki is located at Türkçe Phishing

Have you ever heard of anyone who has lost thier xats, or had their account taken over? It's probably because they got "phished".

[edit] What is Phishing?

Phishing is a trick used by criminals to steal your email & password. It is not a "security flaw", and you're not getting "hacked." It's entirely preventable by you, if you know what to look for. You've probably been warned by your online bank about phishing websites, but most people don't think or worry about phishing when using their xat account. On xat, the phishers are trying to steal your xats, your days, your powers, your identity and your email account.

[edit] How Does the Scam work?

It starts with the person trying to phish you by making a webpage that looks just like the login page of the website you're trying to use. Then the phisher comes up with a creative way to get you to click on the link to that page, maybe saying you'll get free xats, days or powers. When you see the link and click it, you are presented with the fake login page created by the phisher. If you enter your info, you've been "phished" - you've fallen for the trick, and they've captured your username and password! The phisher will then login as you and steal your xats, your days, your powers, your identity or your email account.

IMPORTANT: if a page asks for your email password IT IS A PHISHING PAGE. xat will NEVER ask for your email password.

Some sites may ask you to sign up for their forum or other features. If you use the same password as you have for your email account or xat account then they could use it to phish you. You should NEVER use the same password on your email account or xat account as you use for your login to ANY other site.

Scammers may ask you to give them a .sol file from your computer or have you download a sol editor and tell them the numbers, maybe by promising you will be owner of a chat or be unbannable. These numbers are your passcodes and should be kept secret. A scammer with these numbers could phish you. You should NEVER give secret files or passcodes to anyone else.

[edit] How Can I Protect Myself?

To make sure you don't get phished, you have to understand exactly how it works. When you click on a link in a chat box it may show the image below as a header to warn you not to enter your xat password on this new website.

Image:Phish.png

[edit] Make Sure you Only Enter your username and Password on xat.com

There is only one easy way to know that you are at the real login page. That's by looking at your browser's address bar, the place you view or type in the URL of the website you want to visit. By looking there, you'll know what website you are actually on at the moment. For xat, the only page you should login to is "xat.com". You may think you know exactly what the xat login page looks like and that someone could not trick you into typing your info into a fake page it is very easy to fall for this! It's also very easy for anyone to make an exact copy of the xat login page, or the login page of any website you use.

[edit] Use Different Passwords for Different Accounts

You should NEVER use the same password on your email account or xat account as you use for your login to ANY other site. If someone managed to phish your password on your site they would have control of your email as well. Often this means they can access all your accounts on every site you use and it's more difficult to regain control of them again. If your email password is used on other sites, including xat.com, you should change it right away. If your email account has been phished you should contact your email provider for assistance.

[edit] Use Strong Passwords

To make a strong password that cannot easily be guessed, combine letters, numbers, and symbols into a length password, at least 8 characters in length, 14 characters is ideal. Avoid your name, your login name, sequences or repeated characters and common or dictionary words.

[edit] Giving personal information

Don't tell your password to anybody else, even if you trust them 100%, they could take over your account, or they could fall for a phishing scam using your account information. Also do not give your register link to someone else ( link looks like http://xat.com/web_gear/chat/register.php?UserId=123456&k2=123456 ).

[edit] Change your Passwords Regularly

It is recommended you do this every month or so.

[edit] What do I do if I Think I've Been Phished?

If you think your account is phished right now, just change your password. Use the forgotten password feature on xat if you cant login. That locks the phisher out, simple as that. For other problems please contact us by ticket at http://xat.com/support with "xat I may have been phished" as the subject of the message.

[edit] How Can I Report Suspected Phishing Sites?

Go to http://xat.com/support and report the site to the "Report Phishing Site" department and xat will take appropriate action.

Retrieved from "http://util.xat.com/wiki/index.php/Phishing"
Personal tools