PSA -------- CSRF/Phishing attack

[marguerite_26]

Just signal boosting...

Originally posted by markf at CSRF/Phishing attack

There is currently a CSRF designed to mislead you into believing LiveJournal is requesting your username and password, when the data is actually being requested by a third party who is trying to gain access to your account.

The attack will appear as though someone has left you a comment, but an image similar to the following will appear requesting your password:




The domain used, liv i ejournal.com, is not livejournal.com, and you should not enter your password into any popup like this which appears.  The domain used by the attacker could change at any time.

If you have entered your username and password into any popup like this, you should immediately change your password at https://www.livejournal.com/changepassword.bml.

If any content has been deleted from your journal by someone other than you, please submit an abuse request.

Comments

[meredyth-13.livejournal.com]

I just had a very corrupt looking post comment screen come up when I went to reply to someone else's post. Not sure if it's part of the same problem, but I backed away quickly.

Thanks for the signal boost. I hope no one gets caught.

*hugs*

[marguerite-26.livejournal.com]

meep.

I haven't seen anything yet - but man - DNW my lj hacked. :/

[lilyginny27.livejournal.com]

May I share your post with my flist?

(Not that most of them don't already follow you anyway, but just in case.)

[marguerite-26.livejournal.com]

yes, of course!

You can even go directly to the original post here:
http://lj-support.livejournal.com/840844.html

and click the little '+' sign and it will like back to the official post and not to mine. :)

[lilyginny27.livejournal.com]

You know, I didn't even catch that at the beginning of your post. LOL!

D'oh! Thanks!

[marguerite-26.livejournal.com]

the 'share' function is a bit tricky! it makes it look like 'I' wrote this post. Which I did not. *g*