Norton Safe Web says site is safe, but I don't think so

I received an email from a friend to go to a certain website to view her recent photos.  So I went to the website which Norton Safe Web said was safe and created a log-in (although I didn't put in my birth date and gender which they requested).  It was a very strange web site and I couldn't find any pictures.  Unfortunately, it took me 30 minutes to realize that my friend did not actually send that email and her email had been hacked. So I unregistered from the site (and I hope that is what actually happened).

 

My question is:

 

Why did Norton Safe Web indicate the site was safe?  The way the site got me to go to it was highly unethical, if not illegal.  I would find it hard to believe that someone not associated with the site would go to the trouble to try to increase traffic.

 

I did a Norton scan and a Malwarebytes scan and all is ok, but of course, I am still uneasy and can't believe I fell for the stunt.  I never thought I was stupid, but am now re-evaluating that thought!

 

Hi wha,

 

There could be several reasons to lure you to that site.  One of them, of course, would be to attempt a drive-by download of malware, which probably did not happen, as Norton is very good at detecting and blocking those things (and your subsequent scans are clean).  The registration process strikes me as a ploy to harvest your contact list.  Often in the fine print you will find a clause stating that you agree to let the site access your address book.  That is likely how you originally got the message from your friend.  At one time there was a lot of this going on, but I haven't seen much about it lately.  Try Googling the name of the site or the wording of the email message subject line to see if there is any information on this particular apparent phish.

 

 

I did google the site and there are complaints about it stealing email passwords by asking for their email password and people evidently giving it to them.  I didn't find that when I "logged in"  and did not use my email password when I created a login. 

 

But a question for you.   Can a site get access to my email contact list without my email password?

Hi wha,

 

A site would need your password to access your email account.  A few years back a site known as Tagged.com used a method similar to the one you have encountered in order to harvest addresses.  Visitors were lured to the site by an email appearing to come from a friend that claimed that there were pictures of the recipient posted at the site by the friend.  During the registration process required to view the pictures (which do not actually even exist) the site asks for a lot of personal information, and attempts to get you to enter your email password.  If you do not give up the password, your account is safe.

 

http://www.vcstar.com/news/2009/jun/14/chain-of-fools/

Thanks and thanks for the article.  It is informative.  Hopefully, in the future, I can avoid being in the "chain of fools." ;)

 


wha wrote:

Hopefully, in the future, I can avoid being in the "chain of fools." ;)


LOL.  No insult intended!  It just happened to be the clearest-written of the many articles I looked at - I didn't even notice that the title is a little harsh for any reader who happens to have been a victim of this kind of thing.  If it makes you feel better, anyone, experts included, can be taken in by social engineering tactics - that is why they continue to be used so often and why so many people still get tricked into downloading fake AV programs.  :)