Warning! Beware of Malicious PM's

A

Al Norris

Moderator Emeritus
Earlier this evening, several staff members received a PM from a new member.

When clicking on the PM, a popup appeared and asked for a login.

TFL does not use popups in this manner. Since you are at your msg list, you must already be logged in!!! Simply close that window (or tab) and immediately report this PM to the Staff.

Do Not respond to the PM in any manner. Let us deal with it.

The least that would happen if you filled out the form and clicked on the "OK" button is that you just gave some unknown malicious hacker your name and password. That's the very least. If you are using a windows machine, there are many more malacious things that could be done to you and/or your computer. Here's what to look for:


attachment.php


The coding for this is hidden in the
 

Attachments

  • snapshot2.png
    snapshot2.png
    153 KB · Views: 439
Thanks for the heads up!

I'm assuming the goober trying to scam folks like this had his/her account taken out in the backyard?
 
Interesting. This is a new attack I've not heard of before.

Thanks for the heads-up... we may want to let people know of such things on other boards (I know many of us visit various boards for various interests) in case it goes there as well.
 
I wouldn't even click the X to close the window, I would go straight to Task Manager and close your browser from there. The window could be an image file and the X would just be part of that same image no different then any other part of it. It's possible to code it so that if you click anywhere on the image it does it's thing.
 
All sorts of bad stuff out there on the web that is specifically meant to collect data from your computer or even make your computer unusable. The best way I know to stop them is to never, ever use the internet (that includes email) while you are logged on as an administrator of the computer. If you are logged on as an administrator and you click on the wrong thing it can install/infect your hard drive in such a way that you’ll never get it all off without reformatting the drive, and that means everything you have on that computer is gone forever. I know it’s a pain because when you do want to install something you have to remember the administrators account name and password but as a person who works in IT I’m telling you losing all that data can be much, much worse. Especially if you do backups as much as most people do!
 
I keep an older laptop that I use in emergencies. It is kept always up to date and it's the only machine I run antivirus on. It is my recovery machine and when one of my others get's a nasty I use this one to clean it up and put it back in order. I do keep backups as well.

I don't get very many nasties cause mostly I know how to avoid them, but sometimes they teach me a new trick. Never had one beat me though because I keep that laptop ready for the inevitable and off the beaten path.
 
This posted here, for the widest possible viewing.

This is no way related to guns, and would seem to be off topic. Except for the fact that this was a new way to harm our members, it is off topic.

This was deemed to be enough of a threat, that a warning thread was merited. This time, the staff was targeted (obvious enough reasons). Next time? :eek:
 
I'd also add that you shouldn't try to go to the link visible in Al's original post. (or maybe Al could blur that URL for group safety)
 
As of this morning, that specific link has been deactivated. The admins at www.x10.mx (the parent hosting company) have taken it down. There must have been some complaints (who da thunk it)!

Since it serves as a warning on what to look for, I don't think blurring it helps or harms. Should certain folks want to go there, then they get what they deserve (I'm a believer that stupid should hurt).
 
You must log in or register to reply here.
Back
Top