
Digg Phishing Scam Exposed

Hackers didn’t stop at the Twitter phishing scam that we saw a few days back. Now they are after the social news site Digg!

A Digg copycat site, http://567gu.com/, has been leaked which looks and functions exactly like Digg. The only difference is that when you log in to digg the story, your password will be sent to the hacker, who will completely mess your account up.

How Does it Work?

You may receive messages via IM or via Digg itself containing a link to a particular story. Sometimes we get so many of these every day that we hardly look at the URL of the story. If it’s anything other than “digg.com”, I’d advise you not to click it.

Be particularly careful when someone gives you a link made with a URL shortening service like TinyURL. Those can really fool you big time. For example, check this out: http://tinyurl.com/6vjavf

If I randomly give you this link, you will open it without noticing the ‘address bar’. This is a FAKE digg page.
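The hostname check described above, written out as an added example (not code from the original post). It assumes digg.com is the only trusted host and TinyURL the only shortener of interest; the sample message is constructed.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "digg.com"          # the only host the post says to trust
SHORTENERS = {"tinyurl.com"}  # shortener named in the post; extend as needed

def classify_link(url):
    """Return 'trusted', 'shortener' or 'untrusted' for one link."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:            # malformed URL, e.g. a broken IPv6 literal
        return "untrusted"
    host = host.lower().rstrip(".")
    # .hostname drops any user@ part, so http://digg.com@567gu.com/ -> 567gu.com
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    bare = host[4:] if host.startswith("www.") else host
    if bare in SHORTENERS:
        return "shortener"        # destination hidden: expand it before deciding
    return "untrusted"

def vet_message(text):
    """Extract every http(s) link from a message and classify it."""
    links = [u.rstrip(".,;:!?)") for u in re.findall(r"https?://[^\s<>\"']+", text)]
    return [(u, classify_link(u)) for u in links]

# Constructed IM message mixing the URLs quoted in the post with look-alike forms.
SAMPLE = ("digg this pls http://567gu.com/ or http://tinyurl.com/6vjavf, "
          "mirror: http://digg.com.567gu.com/story and http://digg.com@567gu.com/x "
          "real one: https://www.digg.com/news")

if __name__ == "__main__":
    for url, verdict in vet_message(SAMPLE):
        print(f"{verdict:10} {url}")
```

Only an exact match on digg.com or one of its subdomains counts as trusted; a shortened link is reported separately because its destination cannot be judged from the URL alone.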


Since the page looks exactly like Digg, it’s very easy for you to get fooled. I feel that this is even more dangerous than the Twitter phishing because a social news site like Digg involves more sharing of links. If you are active on Digg, I bet you have a lot of friends in your IM (e.g. Google Talk, AIM). One of them might be the scammer who would want to pass you a fake Digg page and ask for a digg. If you are careless and actually try to log in and digg his post, he will get access to your actual Digg account and use it for his own benefit.

So be aware! Pass this news to all your friends, because if the scammers can compromise one of your friends’ accounts, they might actually use that account to send the phishing message to you. And since you trust your friend, you might not actually bother to look at the address bar.

Here is the Whois Information

Registrant:
Organization : su yue bian
Name : suyuebian
Address : shanghaipudongtangqiao19B
City : shanghaishi
Province/State : Shanghai
Country : CN
Postal Code : 361009

Source: http://www.networksolutions.com/whois-search/567gu.com

The fake Twitter site also has similar whois info: Shanghai, China. Interesting!

Update: One of the commenters on this post is a strong believer that this is not a phishing site, as both sites have the same IP. Well, I was aware of that before posting this entry because the actual news originated here. And as you can see in the comments of that entry, a few of the diggers had already pointed out well before that both sites have the same IP.

However I still find it risky and a possible phishing scam ‘attempt’. Here is why:

  • Both digg.com and the domain in question, 567gu.com, are on different name servers. So even though they are redirecting the requests to Digg’s server ‘right now’, it might not be the case after an hour, or tomorrow!
  • Digg.com is working fine. It’s not blocked by my ISP, nor does it have any other issues. So why would I take the risk of going to a 3rd party site and take my chances?
  • Phishing is like ‘social engineering’. Today they may be actually pointing to Digg’s server, tomorrow they might point to a totally different location! The user has no control over it; only the person who owns the domain is able to control it, whenever he wants to!
  • After what happened with Twitter, I don’t think this is a coincidence. If you are smart you should not take this ‘lightly’. Since the owner of the domain is in control, he can keep everything the way it is and simply point the ‘login page’ to another address to capture your password.
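The argument in the list above, as an added monitoring sketch (not part of the original post): a domain that returns Digg’s IP but is delegated to other name servers is treated as a third-party alias, and a later change of its A record is flagged. The IP is the one quoted in the comments; the name servers, the second IP and the dates are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    """One DNS observation of a domain (constructed data, no live lookups)."""
    when: str
    a: frozenset    # A records returned
    ns: frozenset   # name servers the domain is delegated to

def assess(candidate, legit):
    """Compare a look-alike domain's DNS with the legitimate site's (heuristic)."""
    same_ip = bool(candidate.a) and candidate.a <= legit.a
    if same_ip and candidate.ns == legit.ns:
        return "matches"             # same addresses, same delegation
    if same_ip:
        return "third-party-alias"   # real content today, but someone else's DNS
    return "diverged"                # answers now come from a different server

def watch(history, legit):
    """Return the verdict timeline and the first time the alias was repointed."""
    timeline = [(s.when, assess(s, legit)) for s in history]
    switched = next((when for when, v in timeline if v == "diverged"), None)
    return timeline, switched

# Legitimate site: IP from the ping output in the comments, placeholder NS names.
LEGIT = Snapshot("baseline", frozenset({"64.191.203.30"}),
                 frozenset({"ns1.legit-dns.example", "ns2.legit-dns.example"}))
OTHER_NS = frozenset({"ns1.other-dns.example"})   # placeholder, not real data
# Constructed observations of the look-alike domain over three days.
HISTORY = [
    Snapshot("day1", frozenset({"64.191.203.30"}), OTHER_NS),
    Snapshot("day2", frozenset({"64.191.203.30"}), OTHER_NS),
    Snapshot("day3", frozenset({"203.0.113.10"}), OTHER_NS),  # documentation-range IP
]

if __name__ == "__main__":
    timeline, switched = watch(HISTORY, LEGIT)
    for when, verdict in timeline:
        print(when, verdict)
    print("first repoint:", switched)
```

A ping that shows the same IP corresponds to the "third-party-alias" state here, which is why it does not settle whether the domain is safe to log in through.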

If you still want to go ahead and try your luck, be my guest :)


12 Comments

  • Reply p@r@noid |

    I wish any of the Digg moderators would come down here and answer all these questions and let us know what’s actually going on with this site….
    These are not only fake pages but a website where a user can actually see their profile
    Damn it, even my profile is there
    http://567gu.com/users/virgintech

  • Reply Saad |

    I’m with blondin. Digg and Reddit are the only two social news sites people actually care about. Not a big fan of Mixx, sorry :)

  • Reply cr3 |

    Saad: For God’s sake, you have really missed the boat on this one.

    Why are all the profiles from Digg there? Why does it look EXACTLY LIKE DIGG?
    BECAUSE THEY’RE BEING SERVED FROM THE SAME IP.

    Pinging digg.com [64.191.203.30] with 32 bytes of data:
    Pinging 567gu.com [64.191.203.30] with 32 bytes of data:

    Try it yourself. Ping both.

  • Reply cr3 |

    Sorry, forgot to put a point to my rant.

    It’s not even a phishing site. It -is- digg. Digg is serving the page. The domain name just points to Digg’s servers.

    Not a scam, not a forgery, not a risk at all.

  • Reply Saad |

    @cr3 – LOL. I know they have the same ip. But is that how you call that site ‘secure’?

    Do you actually know what that IP refers to? Both having the same IP simply means that they are both on the same computer… but definitely that’s not “DIGG”, because Digg won’t register a domain name in Shanghai, China! It can be an internal security breach or the work of an employee.

    Use your brain for a sec….

  • Reply Don Draper |

    Most likely it is a phishing site. How best to do it other than to point your DNS at the target for a while and get people used to it, then do a switch at a future date. Or just switch back and forth when you want to harvest ids.

  • Reply pest control las vegas |

    That’s really a fantastic post ! I added to my favorite blogs list..
    I have been reading your blog last couple of weeks and enjoy every bit. Thanks
