|
07 Jul 21 - 04:47 PM (#4112657) Subject: Tech: Phishing using fake album pages? From: GUEST,Rossey Hi Mudcatters. A quick query for those more au fait with the Internet world. I notice when I go looking for my late father's long deleted album releases, that a number of fake web pages have been created using autobots and discogs or 45 world's text and images. They claim that the albums are available to download as FLAC or MP3 files, when they are clearly not. Occasionally I'll click on to the pages, and then find they are ripped off from Discogs etc. My two questions are: 1. by clicking on the page am I giving data away to cyber-criminals? 2. I never click on the download here button.. 2. If I did what would likely happen? Does anybody know what the motivation for creating these many fake album webpages is? |
|
07 Jul 21 - 05:13 PM (#4112658) Subject: RE: Tech: Phishing using fake album pages? From: Stilly River Sage They don't mean to be helpful. I hope you have a good anti-virus and malware program running on your computer. |
|
07 Jul 21 - 06:03 PM (#4112664) Subject: RE: Tech: Phishing using fake album pages? From: GUEST,# The following is seven years old but likely much the same as you are asking about: https://www.discogs.com/forum/thread/404465 https://www.discogs.com/forum/thread/404465 PS I wouldn't click the link that's there when the post opens. But do notice it has an http and not an https preface. |
|
08 Jul 21 - 03:16 AM (#4112669) Subject: RE: Tech: Phishing using fake album pages? From: DaveRo GUEST,Rossey wrote: My two questions are: 1. by clicking on the page am I giving data away to cyber-criminals? 2. I never click on the download here button. If I did what would likely happen?1 - Assuming you are using a modern supported browser, the only data you will give them is your IP address, some preferences for the response you'd like (e.g. language) and maybe some cookies. The site could contain code that works out what browser and operating system you're using, whether you're blocking stuff, whether you have certain features like Flash Player - which has numerous security flaws. So if you were using Win 7 and IE, which is insecure, they could send you some malware tailored to that. From the advertising cookies it might work out what sort of sites you browse and tailor an attack based on your predilections. 2 - If you're running 'antivirus' software (including Microsoft's built in security stuff) it should scan the download and tell you whether it's malware - maybe 'quarantine' it. If this were really clever malmare, or new, it might use a method not previously detected - a so-called 'zero day' - and the AV wouldn't detect it. Or it might evade detection by changing frequently - like virus variants. If the AV didn't trigger then it depends whether you open it: that's when you may have a problem. Some AV programs check a file when you open it. Some operating systems might open things automatically based on what it thinks they are - it may look like an mp3 so it might index it - but it may not be. If you have a file you're suspicious of, or you're using an old unsupported system, you can send it to a site called Virus Total which checks against all AV signatures. |
|
08 Jul 21 - 04:14 AM (#4112672) Subject: RE: Tech: Phishing using fake album pages? From: GUEST,Rossey Thanks for the replies. I just couldn't understand why people are/were creating these mirror pages I resent the use of my late father's image and releases in these scams, but that's the reality of the Internet. Generally if you do an album check, and the web page is offering a download of a deleted album or single and lists the tracks as A1, A2, B1 etc. with it in the format of Discogs vinyl, you know its a fake. At least the porn links aren't as widespread as they used to be. Sometimes when typing in the unique and innocent song titles my father wrote, autobots will have created false Google pages with numerous random sexual terms of all kinds linked to the title. It also used to be pop ups, but they are now stopped. I remember years ago going into a library to do a song check, linked to a song title, and something embarrassing popped up. When you are an adult it's not so bad, but kids could equally find it (though my father's stuff is for old fogeys like me). Such is Internet life. |
|
08 Jul 21 - 05:44 AM (#4112688) Subject: RE: Tech: Phishing using fake album pages? From: JHW Useful info in the replies for low tech people like me. I don't believe 'helpful' offers or ads so I don't trust to click on anything. I guess the producers win as some folks are less cautious. (Once tried a digital/analogue convertor but it replaced all my browser bar stuff). I'm told using this dongle creates a new IP address each time I'm on line. |
|
08 Jul 21 - 06:59 AM (#4112691) Subject: RE: Tech: Phishing using fake album pages? From: DaveRo You may get a new IP address for each session but it's not a privacy or security feature. There's usually nothing secret or private about an IP address - unless you want to remain completely anonymous in which case you may want to keep it secret. If I knew your IP address I could tell who your internet provider was, and probably where in the world you live. Law enforcement agencies, knowing your IP address at a particular moment, could ask your internet provider who was using it. You can attempt to prevent that by using a Proxy Server, which changes your IP address between you and a website and makes it appear your are somewhere else. Or to make tracing even more difficult you can use TOR (the Onion Router) which bounces your internet requests and replies all over the world. |
|
08 Jul 21 - 11:39 AM (#4112709) Subject: RE: Tech: Phishing using fake album pages? From: Stilly River Sage In years past when I was looking for information about individuals in places like Google Image Search, the further down the page you go the dodgier the results. And often times these faces were harvested by bad actors hoping some researcher will take the bait and download the image or try to open the site. I'm sure the same principle applies for other online content. |
|
09 Jul 21 - 04:28 AM (#4112750) Subject: RE: Tech: Phishing using fake album pages? From: GUEST,matt milton If you're actually looking to find the recordings of your late father's long deleted albums, have you tried asking directly on a site like this one? Someone on here might have them and I'm sure would be prepared to digitize them for you. |
|
09 Jul 21 - 06:51 AM (#4112760) Subject: RE: Tech: Phishing using fake album pages? From: GUEST,Rossey Matt, to keep up to date and keep track of songs I administer, I just do copyright and song title checks - or see where old copies of albums are being sold. So I look at Internet pages, and sometimes get led to these fake mirror sites, that use Discogs data recycled. I couldn't understand what people are gaining when they create these fake pages and if there are any dangers when you click on? Hence my query here. |
|
09 Jul 21 - 01:28 PM (#4112783) Subject: RE: Tech: Phishing using fake album pages? From: GUEST,# GUEST,Rossey: Your remark is mirrored (excuse me for that) on a Discogs discussion site, link below. Of particular interest is that it's from discussions four years ago. https://www.discogs.com/forum/thread/745305 |
|
09 Jul 21 - 01:41 PM (#4112787) Subject: RE: Tech: Phishing using fake album pages? From: GUEST,Rossey Thanks guest! That Discogs discussion link on the subject is really interesting and enlightening. |
|
09 Jul 21 - 03:08 PM (#4112793) Subject: RE: Tech: Phishing using fake album pages? From: JHW Thanks DaveRo. I have some 'Ghost Surf' discs a friend gave me but I've never dared use them. |
|
09 Jul 21 - 04:59 PM (#4112803) Subject: RE: Tech: Phishing using fake album pages? From: GUEST,# DaveRo knows more about this stuff than I do, for sure. That said, JHW, here's a link to a site that may help explain how GhostSurf works, and doesn't work. But remember, it seems to have been written by GhostSurf marketers, so ya pays yer money and ya takes yer chances. |
|
09 Jul 21 - 05:00 PM (#4112804) Subject: RE: Tech: Phishing using fake album pages? From: GUEST,# https://whatismyipaddress.com/ghostsurf Might have helped if I'd included the address. |
|
09 Jul 21 - 05:35 PM (#4112807) Subject: RE: Tech: Phishing using fake album pages? From: GUEST That page on Ghostsurf article has 'Related Articles' at the bottom. One of which is 'How do I hide my IP address'. That lists four ways of hiding your IP address, not of which are Ghostsurf. How does the web page send anything back to you if Ghostsurf has 'scrambled you IP address'. Or is it just hiding which of the computers on a local network you are? |
|
09 Jul 21 - 05:49 PM (#4112808) Subject: RE: Tech: Phishing using fake album pages? From: DaveRo I read that page and it doesn't explain exactly how ghostsurf works. I got the impression the author didn't know. In particular "Ghostsurf scrambles the IP address much like a good firewall package would do." doesn't make sense to me. Ghostsurf appears to have been produced by Tenebril Inc who were bought out over 10 years ago by a company that no longer sell it. The latest paid version I could find was from 2007. I would throw those discs away. |
|
09 Jul 21 - 06:17 PM (#4112812) Subject: RE: Tech: Phishing using fake album pages? From: GUEST,# Thanks, Dave. |