Phishing on YouTube

YouTube logoYesterday I received a message in my YouTube account Inbox claiming that my account was flagged. On initial skimming of the email I was shocked, but then looking at the message closer I quickly recognize it as another Phishing email.

The email states

The Youtube Team YouTube Broadcast Yourself™ Hi (account), According to our records, you have been flagged for the following: Hate Speech/Bullying Spam/Flooding of other YouTube channels Massive Advertising Explicit Copyright Infringement Your ac…
The Youtube Team
YouTube Broadcast Yourself™

Hi (account),

According to our records, you have been flagged for the following:

Hate Speech/Bullying
Spam/Flooding of other YouTube channels
Massive Advertising
Explicit Copyright Infringement

Your account also appears to be phished and/or flagged by other users with the following IP addresses:

72.55.191.6:3128
80.227.1.100:8080
119.70.40.101:8080
216.194.70.3:8118
61.166.68.69:80
194.44.170.81:3128

We have reviewed your account and notice that your account seems to be in good standing. Therefore, we will not penalize you for any actions. However, we have reviewed the reports made to your account, and notice that your account has been flagged and/or reported multiple times. We ask for your current password in order to ensure that you are the owner of this account and to verify your current account status. Please provide us with the information below…

On initial thought, I was wondering about the scammers’ goal for taking over a YouTube account. Then I remember that many YouTube accounts are now linked to user’s Google Account, which provides access to GMail among others.

So, everyone needs to be diligent and be careful when receiving instructions via email or through proprietary messaging system, asking you to provide username and password or means of authenticating your identity. In most cases, legitimate web sites will never ask for a user’s password. Remember bad guys are everywhere, especially on the Interweb.

Wisely Using Twitter

Twitter LogoTwitter has been around now for over 3 years and along the way there had been many 3rd party applications and web services. At the beginning years these 3rd party applications and web services had required the Twitter users to provide their Twitter credentials to use the service.

This requirement of providing a 3rd party with my credentials of another service had never sit well with me. So I did not use any 3rd party web services that requires my Twitter credentials. This decision was frustrating to me, as during this time Facebook, FriendFeed and others had authentication services that does not require their users to provide their respective credentials to the 3rd parties. As a result I joined the 100s of others who requested Twitter adopt OAuth or alike technology for their site.

Continue reading “Wisely Using Twitter”