Anti-Phishing: The Definitive RapidShare Account Protection Guide

Anti-Phishing: The Definitive RapidShare Account Protection Guide:credit goes to original member Hey guys. I'm back again with another comprehensive guide. This time, I'm going to go over something that's absolutely rampant on today's warez forums: RapidShare account phishing. So this is what happens. You're just browsing through your usual favorite forums, downloading as you please, and then suddenly, on one of the topics, someone points out that a post has phishing links, and then a moderator closes it. Well, that's great for them and all, but how about you? How do YOU know it's a phishing link? How do you protect your account in the future when there's no one else to say if it's a phishing link or not? Of course, our awesome Mods here at WS tend to catch these links, but they need your help to make it a safer forum for everyone! Fear not! . I have quite a few precautions that I'm going to lay out for you guys that I can promise will make sure you don't get your account stolen/phished, and I guarantee a 100% success rate. Why am I spending so much time doing this? Because I love KATZFORUMS, and enjoyed the community since the day I joined, and I'll be damned before I see this place go down the drain to scammers and phishers. You'll see me posting a lot on topics, spotting the phishing links and reporting them. How do I know so well what's phishing and what isn't? You'll find out as you read, and soon, you'll be able to spot and report them just like me! So first off. Let's analyze what exactly phishing is. Phishing (pronounced "fishing") is the process by which someone makes a complete visual copy of a website and puts it up on a different server( anyone can access it like a regular website), so that unsuspecting users not paying close attention will input their personal data, which gets sent to the scammer. This is commonly used on banking/credit card/PayPal-like sites, in which someone logs into to what they think is the real site, but their details are sent to the scammer. These people don't suspect anything, because once the scammer has the login credentials, he can have his phished website redirect the person to the real site, and have them automatically logged in using the credentials he just stole. It's an ingenious idea, but is utterly dangerous and very angering to us unsuspecting users. The biggest flaw of RS that scammers exploit is the ability to be logged into an account from multiple computers. I'll explain more as to how this related to RapidShare as we go on. So, now that you know what phishing is, here's the ways you can successfully fight it. I'll include both Pro's and Con's of each method, but using them all together is the absolute best way to prevent any sort of phishing, 100% guaranteed. I'll also include a section at the bottom to help you out if your account has already been compromised/stolen, and what you can do about it. As usual with my guides, it requires no third-party software (which I rarely ever trust) and no hacking. So, let's begin. 1. Lock Your Account (No, Really) RapidShare recently launched a new safety feature called the Security Lock, which is giving account-stealers quite a headache . Essentially, what this does, when you enable it from your online RapidShare account, is lock down your account to unauthorized use. It sends the email account registered to your account a confirmation number, which locks the account. What does this do? This prevents from anyone changing the password/email address, or using your hard earned RapidShare Points. This essentially locks down the ONLINE account (the one you login to through RapidShare.com). If it locks them out, how can you change those details and use your Points? Easy. All you have to do is log in to your account through the web site, click Unlock, and another confirmation code is sent to your email, which allows you to change those details or use your points. My suggestion? Use it! You won't notice a thing when you're downloading, and it's really easy to do! * Stops intruders who have compromised your account from changing the password, or the registered email address * Stops intruders from using up your hard earned RapidShare Points to create themselves a free account * Intruders cannot Unlock the account themselves without access to your email account (which they of course don't) * Doesn't stop an intruder who's already compromised your account from blowing through your daily bandwidth. If your account has already been stolen/compromised, please proceed to the bottom of this post. ----------------------------------------------------------- 2. Set Your Account Up To Directly Download: What does this mean? It essentially means that you don't go through the screen that asks you if you'd like to download as a Free or a Premium user. This shows up by default, whether or not you're logged in as a Premium user. You've all seen it, but here's a quick screenshot of what it looks like, just so you know which page I'm talking about: This is so that you can thank people by downloading a small file (uploaded by them) as a free user to earn them points. As good-natured as it is for you to do that, it poses a security threat. The most common form of roping people into giving away their account details is to use a "Link Protector" to mask their phishing URL so that you don't suspect anything. the so called link-protectors actually don't do shit to stop people from leeching other people's RapidShare links for forum posts. There is nothing stopping me from copying and pasting your links just because you used a "link-protector". Because a phishing site obviously cannot have the same URL as the original site it's phishing, it poses a problem for scammers as to how to get your login details without you suspecting anything. So under the pretense of a "link-protector" the URL of the phishing link is hidden, and it will take you to the Free or Premium download page, at which even if you're logged into RapidShare, clicking the Premium download page will ask you to enter your login/password, just like the official site would do if you weren't logged in. Don't fall for this! So what are my suggestions? First, go into your account settings for RapidShare and enable Direct Download. It's under settings, as shown here: This eliminates that Free or Premium Download page, and always downloads premium the instant it's clicked. This way you can be sure you're clicking on a genuine RS link because the moment you click on it, it will initiate the download, since you are inititating a direct download. Second, if that page DOES show up, even after turning on Direct Downloading, then something is definately up. Check the URL of the link you clicked on. If it says ANYTHING other than Code: http://rapidshare.com/files/********/****** Where the *'s are numbers and a file extension, it's a phishing link. Here's a few visual examples of real and fake links. Fake (These were taken from actual phishing links. Although the URL's are obviously wrong, don't scoff at people for falling for it. The screen they saw at this URL was the exact same as the Free or Premium Download page above. Would you have spotted the difference if you weren't looking at the URL? Source for links: KATZFORUMS Recycle Bin) A REAL Genuine RapidShare URL: If it still shows the screen but it's a genuine RapidShare link, then it's a possibility that you logged out. Log back in. When you log in, RS saves a cookie on your computer to tell the site that you don't need to log in as you've already provided the correct credentials. Logging out deletes this cookie from your computer: Power users may search through their Cookies folder to see if it's there or not. * 100% absolute fool-proof way to avoid being phished * Makes it even easier to download from RapidShare by removing that intermediate step of having to pick which download type * If you'd like to thank someone by download a file as a free user, you cannot do that in this scenario. You need to log out of RS first, then download it, and log back in, or go into your settings and uncheck the Direct Download each time you want to thank somebody. It's not quite a bad thing, it's just a lot of steps. -------------------------------------------------------- 3. Keep an Eye on Your Traffic Logs! RapidShare has given you many tools to watch for abusive activity on your account. One tool is an IP Logger found in "Premium Zone>View Logs", which logs the IP Address of the downloader each time a file was download on your account. So how can this help you? It's all numbers to you, right? Doesn't make sense? Fear not! Essentially, what an IP Address is a household-specific address that identifies your internet connection. It's kind of like a family name that identifies who you are. Each computer has their own IP provided by their ISP. All you have to do is use a free web service to find out what your IP Address is. I personally prefer Code: http://whatismyipaddress.com/ Write that down, and compare it to your traffic log. Each time you see that same number on your log, it means the download came from your computer. If you see an IP that doesn't match the number you wrote down, it can mean one of two things. One, it could mean you downloaded something yourself from a different computer in someone else's house/work. Two, it could also mean somebody has already compromised your account and has been using it to download for themselves. How can you tell the difference? Use the site mentioned above, and paste the unknown person's IP into the box. and click "Lookup IP Address". You'll get a pretty decent explanation as to where the person's IP is based, such as Country/State/City, so if it's at someone's house you know or is at work, you know it was you. If it isn't either and is from some place you know you've never even been too, it means your account has been compromised and is being used. Use that information as well as the information from the IP Lookup to report it to RapidShare for fraudulent use. Here's a picture comparison of a clean account and a "dirty" account. In this account, you see that all logs of downloading are from my IP Address, which is 67.***.***.***. It all checks out.