Tuesday, July 5, 2011

A trap for young players

Hi folks,

Today, on my iPhone (note: not my laptop), I got this message from the friendly folk at Facebook Support...

I've been doing a bunch of things on FB recently, so I thought "I wonder what they want? Did I do something wrong?", and clicked it.

To my shock and chagrin, I was taken, not to FB, but to a Pharma page!

Wait ... I'm much too cunning to be caught by that! What happened?

The issue, friends, is that I was reading FB on my smart phone, and not my laptop. If it had been the laptop, I would, as a matter of course, simply hovered the mouse over the link, and after a small pause, my mail client would have shown me the true URL behind the link. (In non-geeky talk, what that means is that whenever you get a suspicious email, you point the mouse at the link in the email, but _don't_ click it. Just wait a couple of seconds, and it will pop up a message showing the _real_ URL behind the link. If it's not Facebook, or eBay, or whatever you thought it should be, just delete the email)

Because, however, I was on my smart phone (dumb phone might be more correct, perhaps?), there is _no_ way to do a mouse hover, and therefore no way to see what's really behind the link.

Because so many people are moving to either Android or iPhone, this is an emerging problem. In this case, all I had to do to fix it was to close the browser, but if there had been an exploit, or even convincing social engineering behind it, they might have caught me. And I'm a little bit more cunning than lots of users.

What is needed is some way to view the source of the message. If no one builds such an app, maybe I will.

Keep safe folks, and be cautious. When Obi-Wan Kenobi said "There has never been a more wretched hive of scum and villainy", I'm pretty sure he was talking about the Internet.


No comments: