Rapidshare Phishing: Protect Yourself

[Dawnz]

The Menace of Phishing: Protect yourself from it

It has become frequent these days , some fraudulent users Posting Phishing Links in guise of Rapidshare download Links. It is necessary that Rapidshare Premiun Users are aware of this issue is and Never compromise their login details at any cost.

This article is an attempt in that direction.

What is Rapidshare Phishing?

Rapidshare Phishing, for those of you who don't know, is fake Rapidshare web site. It is designed to look exactly like Rapidshare. It is made to steal your Login details ( username and password), rapidpoints or to steal your credit card (or any payment method) if you decide to sign up for a premium account.

Example:

Fake Rapidshare sites used for Phishing / to steal Your username and password.

dn.vc

lix.in

110mb.com

12gb.com

Tinyurl

Etc etc.

The list in never complete, as several new phishing website are created everyday.

Rapidshare Phishing links are usually hidden in protection links like lix.in .Example of Phishing Link:

http://lix.in/example

If the you click links like above, it will take you a rapidshare like website. Remember, these fake rapidshare websites are meant to steal you RS Premium login details. If the victim selects free user, the phisher just passes them along to the real RapidShare site or the download displays a message like below

But if they select premium download, then the phishing site records their login before passing them to the download. Thus, the phisher has lifted the premium account information from the victim.

What happens to such stolen rapidshare accounts?

Phished RapidShare accounts are usually sold for cheaper prices in comparison to RapidShare's prices for a premium account. Or the phisher uses it for his own purposes. Your account may also be used for child porn storage and other illegal files. But most importantly, your private files can be misused

How to identify Phishing sites?

Fortunately, identifying such sites is not rocket- science. Please remember that the fake sites looks exactly the same as the original rapidshare . Even then however , Phishing sites can be easily identified in the following two ways:

I. First Observation:

1. The fake website mentions SSL-encrypted Login, but the URL in the address bar only uses HTTP and not HTTPS.

Vs.

2. Notice the Slash in the url

3. If you are already logged in the RS premium account* but still the download asks you for username and password. It is for sure a fake phishing link.

II. Using your Browser:

If the RS site is original

1. For Firefox users, at the original RS site, the whole address bar turns yellow and a small lock appears in the right of it, and in the right bottom of the window..

2. For Opera users, in the address bar appears a yellow space wich contains a small lock and then the name of the certificate: "RapidShare AG (CH)"

3. For Internet Explorer users, in the right bottom of the there's a small yellow lock which shows us that a certificate is present.

Also in firefox, if you doubt the page is fake, right-click on the alias page and select "This Frame" > "Show only this frame." This reveals the real page, and you can see the URL would not be rapidshare.com. No wonder they call, firefox the most secure browser in the world!

For any other browsers, search for a small lock either in the address bar, either at the bottom of the window.

However, if you fall victim to phishing, try change your login details immediately as soon possible. Don’t make it too late.

Precautions you can take

1. Always log in to rapidshare via the following pages only,

https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi

Or

https://ssl.rapidshare.com/premiumzone.html

2. If you are on your personal computer, try to stay logged in all time. Save your rapidshare cookie indefinitely or never clear your browser cache off Rapidshare cookie. This way you will be always logged in your rapidshare account. If by some reason a Rapidshare link download asks for your Login details again, it is a fake link. No link should ask you to log in again, if you have already logged in once.

3. Have "direct downloads" enabled in your account options. To do this go 'premium zone' > Click 'Settings' > Configuration>enable 'direct downloads'. This way you won’t be redirected to a rapidshare webpage but the file to be downloaded will be automatically added to your download queue. If by some reason you reach a redirected login page , the link you wanted to download from is a fake/phishing link

4. Activate your RapidShare-Security Lock of your rapidshare premium account:

Once you activate you RS security Lock, RS sends you a unique unlock number to your email, which you keep safely at all time. In dire case, even if your login details are compromised , the phisher, cannot change you login details, delete files or convert you rapidpoints unless he has access to that unlock code. Which only you posses. Even if the phisher requests a new unlock code in desperation, the new unlock code would be send to your email only. By then you would have already known,, that your account is stolen ,and its time to change your login details

>>>Remember rapidshare never sends out any email to their users asking for their login details. If you receive any such email, contact Rapidhsare for clarification.

You can also, monitor your account by checking ‘ view log’ at your premium Zone

Stay Safe & Secure, Always :P

[Noddy]

Thanks for the headsup, Dawnz - I'm a sucker for Rapidshare leeching.

[Anteus]

I use Firefox bookmark keyword for thoose links ;)

[Lite]

Good post!

Another way of telling is by looking at the URL (usually of a download link). Often they will have lots of other subdomains AFTER rapidshare.com. For example: http://24ews.rapidshare.com.some.phishing....m/somethingelse.

[Dawnz]

Rapidshare Phishing Update

[Rock Lee]

Nice guide :)

[mosaji]

Thank you

[Donaldo]

My respects, Dawnz. :lol:

[Lite]

I'd like to add IE 8 has a nice feature to help avoid phishing scams. Basically the domain name is highlighted and the other parts of the URL are greyed out. Kinda cool i thought...