Hi there, guest! Welcome to my petpage on how to Defend Yourself from Fake Login Pages and Cookie Grabbers. This guide teaches you how to defend yourself from people who try to steal your account using Fake Login Pages and Cookie Grabbers.
(08/13/06) ~ Very Important: Last night, while Catherine was logged into her side account using a browser called Mozilla (not Firefox!), a trojan virus tried to download itself onto her computer. Keep in mind that SHE WAS ONLY SURFING ON NEOPETS THE TIME SHE GOT THE TROJAN. We tried asking other users about this to see if Cat wasn't the only one infected, and we were surprised to see that many users were infected with the virus as well. Now, the question is...can Neopets infect us with a virus?? For more information about this, click here.
(08/03/06) ~ Catherine: HURRAY! I INFECTED THE COMPUTER WITH A VIRUS!! I mean, OHEMGEEIGOTTAFIXTHIS...I visited a "neopets layout website" this morning. That website tried to install a -disallowed_word- Exploit virus on my computer, and was successful. I ran AVG Anti-Virus scan on my computer and I had 4 Trojans! Whee...I mean...uh-oh...
Because of this, I decided to add a new section! I thought it would be essential to put an article on how to defend yourself against viruses as well.
(08/03/06) ~ Catherine: Are you sure your browser is safe from all these -disallowed_word- and Cookie-grabbing attacks? I've found out a way on how to make sure your computer's browser is safe from vulnerabilities. Try going to http://www.jasons-toolbox.com/BrowserSecurity/ and run the Browser Security Tests.
(08/01/06) ~ Yay, we have a new counter up! Thanks boingdragon.com for the counter!
The first thing I'll do is I'll tell you the long, boring story on how I got interested in Cookie Grabbers. If you have a very short attention span, or would rather spend your time peeling off shrimp skin like what my cousin does, you can skip this part and go on to the next section.
Let me tell you a bit about myself first. I've started using the internet when I was 12. Actually, it was the fault of my cousin, cat_cast (a.k.a. Catherine), for bringing me into internet surfing. She's worse than I am; she's been surfing the net since she was 8! Anyways, I've been on neopets for about 3 years. After about a year since I started on neopets, I visited a shop and clicked a link and I got redirected to the login page. Then, I realized that it was a fake login page (the URL of the browser was NOT www.neopets.com). I decided to do a practical joke on the person who created the fake login page by entering a non-existent username and pässwörd. Little did I know that the website had a "Cookie-grabber" ( -disallowed_word- code) in it and it was able to read my cookies. So what happened was, my account was hacked and a few days later it ended up being frozen. I lost interest in Neopets since then because I couldn't get my account back and I didn't want to start from scratch again. Plus, I got addicted to playing a MMORPG called Ragnarok. But Cat brought me back into neopets recently, and I realized that all I wanted to do was chat in the NeoBoards. And that's my story. ^_^ Once upon a time, the end. ;D
...or is it? XD
If you have any questions, comments and suggestions, feel free to neomail me or Catherine.
I'm sure that you've seen in some way or another those people putting up those "neopoint generators". In this section, I have classified these Neopoint Generators as 2 types. The first type is the HTML one, where they ask you (by email or through a certain website) to answer some type of "survey" by entering your Username and Pässwörd and information about your account (like how many items you have in your Safety Deposit Box, or how many neopoints you have in the bank).
Another type of "neopoint generator" scam is when a person tells you to download a certain type of cheat program to multiply your neopoints.
First and foremost, these are scams. There is no program or software whatsoever that exists that can double your neopoints or items. Second and most importantly, I can't stress enough that THE USE OF CHEATING PROGRAMS/SOFTWARE IN ORDER TO DOUBLE YOUR NEOPOINTS/ITEMS IS ILLEGAL IN REAL-TIME AND DOING THIS COULD END YOU UP PAYING A FINE OR SENDING YOU TO JAIL. According to the Wikipedia article about Neopets:
Neopets has also used legal threats against those creating and using cheat programs, adding clauses to their Terms and Conditions requiring authors of cheats to pay damages of US$50,000, and users of said cheats to pay US$500 per use.
So quit dreaming about doubling your neopoints by using cheating programs. Everyone earns their NP fair and square. And perhaps you should, too. Also, oftentimes when you get fooled and download these kinds of programs, most of them contain viruses which can do damage, or even completely destroy your computer. More details about viruses will be discussed below.
Viruses and Trojans
Vital Information Resources Under Seige, VIRUS in short (Catherine told that to me. ^^), are malicious types of programs that can destroy your computer.
Somebody posted in the Help Chat boards about a "neopets layout website" that infects your computer with viruses when you visit them. Some of you may already know the website, but to prevent people from visiting the infected website, we're not gonna tell the website address...unless you ask. XD
Catherine was curious enough to visit that website. Sad to say, curiosity killed the Cat; her computer was infected with a virus. (o_o;; I don't know why she's happy about it, though...well maybe because her computer's so secure that she hasn't had a virus for 2 years, and she craves the excitement of finally having one).
Catherine ran the AVG Anti-virus scanner on her computer. Surprisingly, she found four viruses:
This is a type of -disallowed_word- exploit Trojan Virus. But unlike eebil viruses that can destroy computer and corrupt data, this virus is a method to exploit a security vulnerability in the Microsoft Virtual Machine.
Catherine's computer had been infected with a drive-by virus. Well, she took it off using her Antivirus. So it's really essential to have an Anti-Virus on your computer.
Uhh..okay. So what does a Virus do really? Some of the most evil viruses corrupt and destroy files on your computer and maybe even render it useless. Trojan Viruses gives the hacker full control of your computer. Having a Trojan Virus is like giving your house/car keys to a total stranger. Most viruses even spread themselves over the internet without you knowing it.
Viruses do not only come from downloading infected files or loading infected floppy disks/CDs/DVDs into your computer. They also come from websites who try to load them into your computer, if your computer is vulnerable enough. Also, if you download unknown files from your email, it is possible that they're viruses that could infect your computer as well.
How to Prevent Viruses:
1. Drink lots of fluids, and eat lots of fruits containing Vitamin C.
Oh...you're talking about computer viruses? Sorry, my bad. ^^
How to Prevent Computer Viruses:
Don't ever download files that are suspicious or those that usually come from emails. Even if it's sent by your friend. If your friend's infected with a virus, that virus can spread itself via email, without your friend even knowing it. Or if you want to download a file or think it's safe, it's better to scan it using an AntiVirus first. Better be safe than sorry.
Keep your AntiVirus software updated. I didn't update my AntiVirus on my old computer for five years. My computer had frequent crashes and such. When Catherine came to the rescue, I found DOZENS of viruses on my computer! So much for being lazy to update your AntiVirus program... -_-;;
Avoid visiting off-neo or suspicious websites. Many evil websites will attempt to install malware and viruses on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children) and such are those evil websites that you usually shouldn't visit.
Cat was logged into her side account on the Mozilla browser (she never uses IE!) when a certain virus called exp.wmf tried to download itself onto the computer. She scanned her computer with AVG Anti-virus and it said that her computer was infected with that particular trojan. It turned out that she's not the only one infected with the virus...in fact, so many people on neopets are infected with the virus as well.
Can Neopets really infect us with a virus? Where do these viruses come from?
Apparently, those viruses come from Neopets sponsor advertisements (*sigh* one more reason to go Premium. But I'm too poor. XD). Neopets should really be watchful of the advertisements they put on Neopets. One time, I had a younger cousin who was on a different website that was asking for his information. Good thing he's smart and knows how dangerous (and hideous) the Internet is, he didn't put in his real info and went away from the website. When I asked him why he was on that website, he said that he clicked a certain advertisement from neopets.
Thank goodness he didn't fall for those evil telemarketers. But my concern is, how about those other children who fell victim from these advertisements?
Now, back to the topic. Since she usually uses Firefox, she doesn't get the viruses. She only got the virus at the time she used Mozilla (which didn't have any pop-up blockers or anything).
We did a little research on that virus called exp.wmf and we came across this article from PCWORLD (http://www.pcworld.com/article/126488-1/article.html).
According to the article:
More than 1 million users have been infected with adware spread by a banner advertisement...The ad exploits a problem in the way Microsoft's Internet Explorer browser handles Windows Metafile (WMF) image files.
There are at least 600 Web sites that take advantage of the WMF vulnerability. Microsoft issued a patch for the problem in January, but many consumers may not have applied the patch to their computers, leaving them unprotected.
Unpatched machines are particularly vulnerable. Merely visiting a page with the infected banner ad causes a download of a Trojan horse program. Users who have installed the patch see a prompt asking to download a file called "exp.wmf" when visiting a page with the advertisement.
We found out that the virus was the same type we got from Jadedneo.com (*cough* that neo layout website that we said in our previous article that infected us with 4 viruses).
It'll work if you try removing it with your antivirus/adware killer. If that doesn't work, try going into your cache folders and deleting the file manually.
TNT is so lazy to fix these problems so you have bo bear with them being up for a couple of days. I do hope the company is willing to pay for the cost of damage incurred by the alleged virus. *sigh*
I'll be adding up the screenies of the virus very soon, as I am too lazy to. XD So keep checking for updates. ^^
Catherine: You might be thinking that the reason why people ask for further information about your account (SDB items, amount of NP you have) is that they want to make it look more authentic. Yes, that's one of the reasons. And if you ever stumble upon across an email or a website asking for information about your account, even if you don't give your pässwörd don't ever give away information about your account. It may be possible that scammers can get your account by using the information using the account access form.
We received an email supposedly coming from TNT (email@example.com) asking to verify an account. Catherine thought it would be a good way to put it up here in our page so she decided to take a screenie of it, but she got so annoyed at the email that she deleted it by accident.
Here's what the email looks like (we blurred out the email and the website URL for privacy reasons):
SIGNS OF A BOGUS EMAIL
(and Catherine's favorite section! XD)
1. Sender's Email Address
If the sender isn't from firstname.lastname@example.org, it's Bogus, all right. But sometimes, bogus email may include a "forged" email address in the "From" line - Some may actually be real email addresses that have been forged. (From: email@example.com, From: firstname.lastname@example.org) The "From" field of an email can easily be changed. It is not a reliable indicator of the true origin of the email. For example, if my email is email@example.com, and if I decide to send you a bogus email, I can change it to firstname.lastname@example.org. So, if the mail comes from someone at neopets.com, it doesn't always mean that the sender is from TNT, especially if the email is suspicious.
2. Account Status/Surveys/Account Generators
Many Bogus emails will try to fool you with the threat that your account is going to be deactivated or your account will be deleted if you do not update it immediately. Some emails contain messages asking you about neopets surveys, or some even sending you about neopoint generators.
3. The weakest link
While many emails have links included, just remember that these links can be forged too. The moment you click that link, you might be directed to a Fake Login Page.
4. Yours Truly, TNT
Many Spoof emails will begin with a closing message allegedly coming from TNT.
5. Asking for Personal Information
When you click that e-mail link or receive an email like this, most likely the sender will be asking for your personal account information when you click on a link in the email or comple a form in the email. This is a clear indicator of a Bogus Email.
These deceptive emails are called "Spoof/Bogus Emails" (honestly, I like it better calling it Booger...erm...Bogus. ^^;;) because they fake the appearance of a popular Web site or company in an attempt to commit identity theft. Also known as "hoax" or "phishing" emails, this practice is occurring more and more frequently throughout the online world. It does not only occur in neopets.com, but in other websites as well, so you have to watch out for that. You might have received an email like this, or an email coming from email@example.com. If it asks for information on your account, particularly your pässwörd, it's a scam! TNT will never ask for your pässwörd! If you ever stumble upon one, the best way to deal with it is t o delete the email (like what we did) or report it to TNT.
If you received a bogus email, please neomail me about it and take a screenie of it, so we can put it on this petpage!
Fake Login Pages
I was supposed to list the URLs of the login pages that I came across with. I have asked TNT whether I am allowed to list a fake login URL. But, as usual, TNT's reply would take forever, (Or maybe they won't even reply at all! Those lazy asparagus eaters... *whacks Adam with trout*) so I'll just have to take out the website URLs for a while. :)
Before anything else, I'll just abbreviate "Fake Login Pages" as FLP. I don't want to go through the trouble of saying Fake Login Page over and over again. My fingers get sore after typing a lot, you know.
Catherine: Get on with it!! Not another long story!! *whacks eridane with rockfish*
Me: Erm...Okay... -_-;; Back to the discussion. -_-;;;
Fake Login Pages, in my opinion, is an intelligent kind of scam. People who make FLPs usually have knowledge of HTML. But with the new neopets security system (which shows your current pet everytime you log in) and all of the security advisories from TNT, ALMOST everyone can determine an FLP from the authentic neopets.com website. Hurray for that.
But I said almost.
Not everyone can determine what an FLP is from the real one, and this is what this section is for.
Being a FLP hunter for almost a month now, I've come across several FLPs by just going into random websites. Here's a couple of FLPs that I'd like to show you:
Note: To prevent MY computer from being hacked by so-called Cookie Grabbers, I used another browser called Opera.
And I thought Neopets was ad-free. This must be one of the LAMEST FLPs I have EVER visited. *rolls eyes* I am so totally going to be fooled by this website. *pokes sarcasm* Rating? I give it a 4.3 out of 10!
This FLP has copied the new neopets login system. But it has ads. And the time is messed up. I took this screenie about 7:00 PM NST. And look at the time? It's 9 something AM! Is he living in another country or something? Well, good effort, though, but quit dreaming about fooling someone by using that lame FLP, because it's not ever going to work. I'd give it a 7 out of 10.
If you ever come up with a page with NeoClassic Login such as this, don't be fooled. This is a Fake Login Page. Neopets took off the old security system a long time ago and there is no such thing as Classic Neopets. Good effort, though. I give it a 8 out of 10
HACKED HACKED HACKED HACKED HACKED. 3y3 4m 73h 1337 h4xx0rz!! This is the funniest thing I have ever seen. *gigglesnorts* 9 out of 10!
Special Neopets Login Page? YEAH RIGHT, I BELIEVE YOU. *slaps stupid webmaker with a wet asparagus* The only rating I'll give you is a -10 out of 10. You deserve a negative rating. Awful page structure.
Catherine: WHENEVER I SEE THIS SCREENSHOT IT MAKES ME WANNA VOMIT!
Signs of a Fake Login Page:
1.) The URL is not neopets.com.
2.) It's the old neopets login system, where they don't show you your active pet.
3.) In some cases, it has a lot of ads in it that usually doesn't show on neopets.
So how do you get these Fake Login Pages?
Oftentimes, when you click a shop link, you might get redirected to another website that looks like the real neopets login page. You realize that you're logged out.
What happens when you log into a FLP?
Usually for most FLPs, you get redirected to an Error (404) page saying that the page does not exist. In some cases, you see a page that looks like neopets saying that your account does not exist, or it's a wrong page. But the moment you set your eyes on that website, your cookies may have been hacked already and the moment you click the "Log In" button, your username and pässwörd might have been sent to the hacker already!
Even if you know it's an FLP, leave that website as soon as possible. Chances are, that website might have a cookie-grabbing program in it, and you might still end up getting your account hacked.
What should I do when I encounter a FLP?
Follow the steps here. Then report it to TNT using this form.
What is a Cookie?
You may be thinking that someone may see your cookies and therefore be able to read your login info, but it's impossible for a person to be able to read cookies without a decoder, as the cookie codes are a bunch of random letters and numbers that only the machine understands, which are meaningless to humans.
Here's what a cookie from google.com looks like:
Just a bunch of random numbers, isn't it? Only google can interpret what this cookie means. That this is how a cookie looks. I changed the numbers and codes so someone wouldn't be able to read my cookies or steal my information.
If you are using Internet Explorer, you can view your cookies by accessing this on your computer:
**Note: For Windows XP/MT/2000 users, you have to change the USERNAME to your computer's username, otherwise, it won't work.
When you use another browser like Mozilla Firefox or Netscape, your cookies will be stored in another folder.
For Firefox users, go to Tools//Options//Privacy. Then click Stored Cookies/View Cookies under the "Cookies" tab to see them.
If you are using the newest version of the Netscape Browser,
go to Tools//Options//Privacy//Cookies then click View Cookies.
Clearing Your Cookies
Every browser has a different way on how to clear your cookies. Here's how to clear your cookies:
If you are using Internet Explorer 6.0, go to Tools//Internet Options//Privacy and move the slider up. You can also click Advanced to make changes on cookies.
When you visit the Help Boards, some people usually call Cookie Grabbers as CG, for short. When they say they (or someone else) has been CGe'd that means they're Cookie-grabbed.
Have you ever wondered why a certain type of code called " -disallowed_word- " is not allowed in neopets? That's because usually Cookie-grabbers use -disallowed_word- to grab your cookies. So, to prevent from neopians getting hacked, TNT banned people from posting -disallowed_word- on neopets.
According to the Wikipedia article about Neopets:
Between November 2005 and January 2006, a hole in the filters allowed users to include -disallowed_word- on customizable pages such as shops descriptons and user lookups. A group of users used this to read the login cookies of anyone who viewed those pages, which allowed them to log into those accounts. The hole was patched, but over the next month the group found another way past the filters, and at one point even managed to take over a moderator's account and abused the forum's lock/delete powers...A very powerful HTML filter to stop cookie grabbers and other malicious scripts was implemented on April 26, 2006. The filter ensures that HTML syntax is followed correctly by checking things such as brackets and quotes, and makes it impossible to use any code that the staff has not allowed.
So how does a Cookie Grabber work? When you visit a website that has a cookie-grabber, a small, blank pop-up appears and then closes quickly. The cookie-grabber tricks your browser into thinking you are visiting neopets.com, so your browser sends your cookie to it, thus the term "cookie-grabbing".
When you visit a Fake Login Page, usually, they have put in cookie-grabbers in there. It's like they're saying, You're not gonna leave us empty-handed. Sure, you may not be fooled by logging in your account on the FLP, but you're gonna be fooled with the cookie-grabber.
To prevent this, I recommend you use another browser, like Mozilla Firefox, Netscape, or Opera. These browsers are known to be immune against cookie-grabbing attacks. Or if you want to keep using Internet Explorer, be sure to keep your computer updated and download the latest security patches. Also, be wary of visiting websites outside neopets, because if that website has a cookie-grabber in it, you are hacked the moment you visit that page.
Try checking the webpage source of a website first before actually visiting them. To do this, type the following in your address bar: view-source:http://WEBSITEURLHERE. Just replace "WEBSITEURLHERE" with the URL of the website you wish to visit, such as www.neopets.com. Then a text file will pop-up, displaying the source code of the website. When there's -disallowed_word- codes in it or anything that has to do with Cookies, that website probably has a cookie-grabber in it, so you probably shouldn't visit it.
If you realize you've visited a webpage with a cookie-grabber, don't panic. Follow the steps below.
Help! I've been Hacked!
Sorry to hear that. But first and foremost, why'd you end up going to the website in the first place? If you didn't log into the FLP with your username and pässwörd, it's obvious that you've been scammed of your account using a cookie-grabber. But not hacked.
What to do when you've been scammed
Clear your cookies and close all your windows.
Go log into neopets and every other website you have an account on and change your pässwörd and PIN IMMEDIATELY!!!!
When a cookie-grabber hacks onto your cookies, that cookie-grabber only has your pässwörd at that time you visit the page. But when you change your pässwörd immediately, the scammer won't be able to hack into your account, and end up getting the "Bad Pässwörd" message.
For example, your pässwörd is "asparagus12asdfasd". Then you suddenly visit a Fake Login Page, and realize you were cookie-grabbed. Then you quickly change your pässwörd to "chias1q3adsfasdf". When the hacker grabbed your cookies, he only knows that your pässwörd is "asparagus12asdfasd" and not "chias1q3adsfasdf". By the time he tries to log in, he'll be logging on with the wrong pässwörd.
Catherine:If you suspect that it is not a neopet cookie grabber, but a Yahoo or Hotmail cookie grabber, change the pässwörds of those sites as well.
Use another browser.
Try using another browser like Mozilla Firefox or Opera. These browsers are known to be "immune" to these cookie-grabbing attacks. Since each browser stores cookies in different folders, you won't be cookie grabbed. But this is entirely your choice.
If the scammer munches into your cookies and gets into your account:
Before, when the filters weren't implemented on neopets yet, newtreasureseekers was CGe'd by visiting a user shop. Good news was that Neopets was on the lookout and noticed something strange going on with her account and froze them for her protection. A week later, she was able to get her account back by proving that the account was hers. Fortunately, nothing was taken away from her account. So here is some advice: make sure you have screenshots of your items in your SDB, gallery, neofriends, pets and their stats, what they are equiped with, titles of books they may have read, the amount of np you have...ANYTHING you can prove that the account is really yours. Who knows? This might help you whenever your account is invaded by cookie monsters.
Never Be Hacked Again
But of course, we shouldn't wait until the cookie-grabbers pounce on our accounts. There are some precautionary measures that can effectively reduce your chance of being cookie-grabbed.
Do not trust any off-neopets web sites. Log out of neopets and clear out your cookies before visiting them, and take extreme caution on visiting those websites, because those websites might just place a virus on your computer.
If you have two browsers, I recommend you use one for Neopets only and another one for other sites.
If someone tells you to go to some website, most likely the site contains cookie-grabbers.
Log out of neopets and clear your cookies before shutting down your computer. So that when your family members accidentally visit cookie-grabbing websites, your account won't fall victim to it. This rule applies the same when you use public computers.
It's important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.
Please either enable Automatic Updates under Start //Control Panel//Automatic Updates, or get into the habit of checking for Windows updates regularly. Always check the Windows Update for new security patches (go to www.microsoft.com), especially those which are related to internet security.
Have an anti-virus program installed in your computer. It's better if you have an antivirus like McAfee or Norton installed, but if you can't afford it (like me ^_~), try downloading these free AntiVirus and Adware-killer programs: AVG Anti-Virus(www.grisoft.com), AdAware SE Personal (www.lavasoftusa.com), and Zone Alarm Firewall (www.zonelabs.com).
Change your pässwörd periodically.
Catherine: Are you sure your browser is safe from all these -disallowed_word- and Cookie-grabbing attacks? I've found out a way on how to make sure your computer's browser is safe from vulnerabilities. Try going to http://www.jasons-toolbox.com/BrowserSecurity/ and run the Browser Security Tests. *pokes self* I know, I said it on the Update Page above. But this is a good thing you certainly don't want to miss. Plus, I like repeating what I say. I like repeating what I say. xD
Me: O_o;; Gawd. Utter silliness. If it just wasn't for your 1337 skills...
Whee! My very first award!! *cries for joy and holds up invisible trophy*
Feel free to send me some fanmail or ask me questions about cookie-grabbers and FLPs and I'll post it here! Nothing motivates me more than a dungified fanmail filled with love! =P I'd also appreciate it if you make a banner for my petpage. :) Because I'm totally terrible at PhotoShop. :P
I finally understand what a cookie-grabber is! =D Kudos on your petpage!
Way to go making a website for people who don't know...more people should do it! You obviously took a lot of time to do it, and it was not only informal, but interesting, too!
i saw your guide and I love it!I never knew what cookies were before.lol.but anyway could you give me the link to any of those fake login pages.They are so rediculos [ridiculous]!
I love your petpage. I knew a little about cookie grabbers, but that helped me understand better. I hope you have plenty of success with your coding and informing the general public.
-Ivan Rumery (bladed_cross)
Hey I just wanted to let you know you did a great job on your site, and we all appreciate you for helping us understand all that stuff! And the link to that security test page helped alot as well! Luckily my computer isn't very vulnerable, but good job on your page!
Please show your support by putting one of these banners on your shop/userlookup/guild etc.
I'd like to extend my gratitude to cat_cast, 0riginal_sin, starlight_ate_me, darcy_dear, fishnetforkitty, and lexi_neo_1 for making such wonderful banners! ^^
I would really appreciate it if anyone would be kind enough to make a glitter/site banner for me, as I am terrible at making banners.
guest, thanks for visiting my petpage! =) Hope you enjoy your stay here and come back again! I hope this petpage has provided you good information about Cookie-grabbers and Scammers. =)