Accounts compromised via phishing sites.
- Thread starter ixlone
- Start date
- Status
- Joined
- May 29, 2012
- Messages
- 594
@Happily_Grim
Your posts are really hard to read.
I was not talking about the announcement of 2FA - just the fact that I made a point of mentioning it in the first post of this announcement - so you either glossed over it, or didn't read it properly. And that was exactly my point - people can miss things that are blindingly obvious.
For example, the fake site domains where they happily enter their info. Which we know happens all too often, cos people actually come on to Discord and ask us why they can't log in, and then link the fake site 😓
Let's just be thankful it's only a manga site's info and not a more important site's info (which hopefully no one used same password for)!
Your posts are really hard to read.
I was not talking about the announcement of 2FA - just the fact that I made a point of mentioning it in the first post of this announcement - so you either glossed over it, or didn't read it properly. And that was exactly my point - people can miss things that are blindingly obvious.
For example, the fake site domains where they happily enter their info. Which we know happens all too often, cos people actually come on to Discord and ask us why they can't log in, and then link the fake site 😓
Let's just be thankful it's only a manga site's info and not a more important site's info (which hopefully no one used same password for)!
- Joined
- May 29, 2012
- Messages
- 594
@Rannilas
The point is probably to get the passwords of people who use the same passwords on more important sites. Sites which they CAN exploit once they have that info.
Once they have that info, they can do a lot of stuff if they compromise the right stuff.
- Link shit to friends and family via Twitter, Facebook, etc and get them to click on the links since they will assume it is safe coming from YOU. Potentially downloading malware such as ransomeware to make $$$.
- If they get your email they can scan your email for other passwords, sites, info, payment info, etc
- Many other things I'm not devious enough to think of, but that they can and will do!
And it all starts off with "just" a manga site, or "just" a whatever site.
Prime examples of why you should never use the same password across sites.
The point is probably to get the passwords of people who use the same passwords on more important sites. Sites which they CAN exploit once they have that info.
Once they have that info, they can do a lot of stuff if they compromise the right stuff.
- Link shit to friends and family via Twitter, Facebook, etc and get them to click on the links since they will assume it is safe coming from YOU. Potentially downloading malware such as ransomeware to make $$$.
- If they get your email they can scan your email for other passwords, sites, info, payment info, etc
- Many other things I'm not devious enough to think of, but that they can and will do!
And it all starts off with "just" a manga site, or "just" a whatever site.
Prime examples of why you should never use the same password across sites.
@anon_whos_not_a_fag 2 factor requires a phone and is a pain in the ass when I want to log into something.
Member
- Joined
- Aug 8, 2018
- Messages
- 3
Admins of Mangadex,
Have you considered maybe reporting these series of phishings to haveibeenpwned? Contact Troy Hunt(owner of HIBP) if you want to report the phishing attacks on mangadex users.
Basically, HIBP(HaveIBeenPwned) is a collection of all the major data breaches that have happened on the Internet. I think phishing might count as a data breach, but I'm not sure.
Also haveibeenpwned links below are not phishing links.
If you are paranoid(which I don't blame you), search for haveibeenpwned in wikipedia and click the official link there to access haveibeenpwned.
https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F
https://haveibeenpwned.com/
_______________________
Also, to those who have been affected by the phishing attacks, I recommended checking https://haveibeenpwned.com/
to see if your e-mail addresses have been breached(and in which data breaches they were breached in), as well as your passwords.
No need to worry about getting breached at haveibeenpwned just by typing your e-mail address and password into haveibeenpwned, as long as you're 1) visiting the real site, 2) enter an old password that has already been breached 3) don't reuse any breached passwords.
_________________
FAQ here: https://haveibeenpwned.com/FAQs
By the way, HIBP indexes past breaches; they didn't have your password or e-mail address before a breach happened, so checking your e-mail address and passwords against their databases doesn't compromise your data.
If you want HIBP(haveibeenpwned) to delete your e-mail address from their databases(remove it from being publicly searchable there): https://haveibeenpwned.com/OptOut
Have you considered maybe reporting these series of phishings to haveibeenpwned? Contact Troy Hunt(owner of HIBP) if you want to report the phishing attacks on mangadex users.
Basically, HIBP(HaveIBeenPwned) is a collection of all the major data breaches that have happened on the Internet. I think phishing might count as a data breach, but I'm not sure.
Also haveibeenpwned links below are not phishing links.
If you are paranoid(which I don't blame you), search for haveibeenpwned in wikipedia and click the official link there to access haveibeenpwned.
https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F
https://haveibeenpwned.com/
_______________________
Also, to those who have been affected by the phishing attacks, I recommended checking https://haveibeenpwned.com/
to see if your e-mail addresses have been breached(and in which data breaches they were breached in), as well as your passwords.
No need to worry about getting breached at haveibeenpwned just by typing your e-mail address and password into haveibeenpwned, as long as you're 1) visiting the real site, 2) enter an old password that has already been breached 3) don't reuse any breached passwords.
_________________
FAQ here: https://haveibeenpwned.com/FAQs
By the way, HIBP indexes past breaches; they didn't have your password or e-mail address before a breach happened, so checking your e-mail address and passwords against their databases doesn't compromise your data.
If you want HIBP(haveibeenpwned) to delete your e-mail address from their databases(remove it from being publicly searchable there): https://haveibeenpwned.com/OptOut
- From one section of the HIBP FAQ
Member
- Joined
- May 28, 2018
- Messages
- 143
dang.. when the one who add "friend" is not a friend,
but a friend without R letter on it,
Fiend.
#wordplay
but a friend without R letter on it,
Fiend.
#wordplay
Active member
- Joined
- Aug 8, 2018
- Messages
- 755
@Ixlone - I'm not quite sure why my posts were hard to read, but I apologize if they somehow caused confusion.
I agree with most of what you said, too. I suppose I didn't really make that clear, though. My responses weren't necessarily to dispute what you said, but to further elucidate on the reasoning of my first post.
Even my initial reason for coming in here wasn't because I was concerned about being potentiality compromised, it was more to investigate the cause when I noticed random users sending me friend requests, and noticing they had been banned. Once I read the cause of compromised accounts being elicit sites my curiosity was satiated, and I didn't feel the need to read further. So I just made an offhanded comment about it all. As I said before, it wasn't too condemn or excoriate anyone.
The overall point that I've been trying to make here, perhaps poorly, isn't that people shouldn't make mistakes, but that they should have safeguards, protections, and precautions in place for when they do; as well as the due diligence to be reasonably educated and aware about such things. Maybe it's easier for people who don't have to "hunt and peck" when typing, but as far as I'm aware, I always look at what I'm typing into an address bar before hitting enter specifically because this has been a type of problem for quite a while. Maybe I really am the strange one -- I dunno.
Again, I'm sorry if this hard to read; I just figured I'd try to clarify. I agree as well that it really is a good thing it was only a manga site's info! It sucks that it's more work for you guys, but hopefully it can serve as a valuable experience for someone.
Thanks for taking the time to respond and clarify as well. I appreciate it.
I agree with most of what you said, too. I suppose I didn't really make that clear, though. My responses weren't necessarily to dispute what you said, but to further elucidate on the reasoning of my first post.
Even my initial reason for coming in here wasn't because I was concerned about being potentiality compromised, it was more to investigate the cause when I noticed random users sending me friend requests, and noticing they had been banned. Once I read the cause of compromised accounts being elicit sites my curiosity was satiated, and I didn't feel the need to read further. So I just made an offhanded comment about it all. As I said before, it wasn't too condemn or excoriate anyone.
The overall point that I've been trying to make here, perhaps poorly, isn't that people shouldn't make mistakes, but that they should have safeguards, protections, and precautions in place for when they do; as well as the due diligence to be reasonably educated and aware about such things. Maybe it's easier for people who don't have to "hunt and peck" when typing, but as far as I'm aware, I always look at what I'm typing into an address bar before hitting enter specifically because this has been a type of problem for quite a while. Maybe I really am the strange one -- I dunno.
Again, I'm sorry if this hard to read; I just figured I'd try to clarify. I agree as well that it really is a good thing it was only a manga site's info! It sucks that it's more work for you guys, but hopefully it can serve as a valuable experience for someone.
Thanks for taking the time to respond and clarify as well. I appreciate it.
Active member
- Joined
- Apr 18, 2019
- Messages
- 264
Received a friend request by an already banned account, you guys are fast and efficient.
Active member
- Joined
- Dec 23, 2018
- Messages
- 181
I accepted the friend request because why not.... Deleted him now. Am I in trouble? D:
Member
- Joined
- May 28, 2018
- Messages
- 143
@KawaiiMajinken
See holo post at page 2,
or Teasday at post #2 at first page
accepting is safe, but the link is not
See holo post at page 2,
or Teasday at post #2 at first page
accepting is safe, but the link is not
Contributor
- Joined
- Apr 10, 2018
- Messages
- 300
@AbyssalMonkey I'm suggesting more for the deterrent part, yes. It obviously won't stop the scenario where the phisher also sets up a discord site for you to input your discord info, but that's the game: things should be done to reduce security risk.
I'd make a good assumption that most people haven't even bothered with 2FA here (which, if others aren't aware, is available to be set up here) because, well, you're only here to read Manga. You don't particularly lose anything of value if your account gets phish'd here - unless they're an a-hole and changes your password/deletes the manga you're following.
I'd make a good assumption that most people haven't even bothered with 2FA here (which, if others aren't aware, is available to be set up here) because, well, you're only here to read Manga. You don't particularly lose anything of value if your account gets phish'd here - unless they're an a-hole and changes your password/deletes the manga you're following.
Member
- Joined
- Aug 7, 2018
- Messages
- 147
As long as the mangadex.cc site was legit, i should be in the clear.
Did get a random friend request from a very fresh account.
CONDEMNED!
Did get a random friend request from a very fresh account.
CONDEMNED!
- Status
Similar threads
- Suggestion
