Monday, February 23, 2015

TV Tropes got "phished", and how to defend yourself

Well, I just learned TV Tropes got themselves screwed over via a phishing scam.

Some degenerate cockbag "chaozhide" site is masquerading as them, Reddit, and a few other sites, pretending to be legit. And they do look and act legit, with what looks like blatantly copied source HTML from the sites in question, most likely ripped with a website copier, then modified so that, if you are foolish enough to enter your login details on them, nothing happens.

Except now your login info is in the hands of some shitheel who will most likely be trying to sell off that info to scammers, hackers, and other assholes. That and trying to fuck up your other patronized websites.

Phishing is the act of ripping off something legitimate and using it as window dressing for a confidence scam that solicits your private information (like login passwords and credit card numbers) for the scammer's own illicit ends.

Given what I learned about how innocent TV Tropers got duped, here are some general pointers:

1. Check the URL, even if you clicked in from a Google link. If it has anything aside from in the link, it's bogus.

2. Tip for spotting the fake: I had NoScript on when visiting one of their faked pages, and I enabled only the site itself as allowed (DO NOT TRY TO LOG IN). The JavaScript that controls the collapsing sidebars didn't work. On the real TV Tropes, allowing the site through NoScript will make this work. Also, the plus-shaped icons for the sidebar items should NOT be visible on the real TV Tropes if blocked by NoScript. If they are, it's a bogus copy.
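Pointer 1 as code, added here as an example that is not part of the original post: it compares the host the browser would actually connect to against an exact list, which is what "check the URL" has to mean in practice. The hostnames (`wiki.example`, `login-check.test`, `mirror.test`) and the names `TRUSTED_HOSTS`, `checkLink` and `looksRightAtAGlance` are constructed placeholders, not real sites or any site's own code.

```javascript
// Added example. All hostnames are constructed placeholders.
const TRUSTED_HOSTS = new Set(["wiki.example", "www.wiki.example"]);

// What a hurried reader does: "the real name is in there somewhere".
function looksRightAtAGlance(raw) {
  return raw.toLowerCase().includes("wiki.example");
}

// Decide on the parsed hostname only, never on the raw string.
function checkLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `unexpected scheme ${url.protocol}` };
  }
  // hostname is lower-cased, has no port or userinfo, and
  // non-ASCII labels are converted to punycode (xn--...).
  const host = url.hostname.replace(/\.$/, "");
  if (url.username || url.password) {
    return { ok: false, reason: `text before '@' is not the host; real host is ${host}` };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: `internationalised lookalike host ${host}` };
  }
  if (!TRUSTED_HOSTS.has(host)) {
    return { ok: false, reason: `host ${host} is not on the trusted list` };
  }
  return { ok: true, reason: `host ${host} matches exactly` };
}

// Constructed sample links: one genuine, three lookalike shapes.
const SAMPLES = [
  "https://wiki.example/login",
  "https://wiki.example.login-check.test/login", // real name used as a subdomain
  "https://wiki.example@mirror.test/login",      // real name used as userinfo
  "https://wik\u0456.example/login",             // Cyrillic letter in place of "i"
];

for (const link of SAMPLES) {
  const { ok, reason } = checkLink(link);
  console.log(`${ok ? "OK  " : "FAKE"} glance=${looksRightAtAGlance(link)} ${reason}`);
}
```

The two lookalikes that contain the real name pass the glance test and still fail the hostname comparison, which is why a password manager that autofills by exact host is a stronger version of the same check.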

Now, as any actual tropers may be aware, I run that Orain/Wikia-based TV Tropes fork All The Tropes, but I utterly condemn what these phishers did to TV Tropes and have forwarded what I could find out to the TV Tropes moderation staff.

As a final piece of advice, if you were duped by these phished ripoffs, change your passwords NOW.

