Phishing, pronounced just like fishing, is a term you must be aware if you use the Internet for any kind of sensitive transactions.  You could be at risk of a phishing attack if you use online accounts such as Paypal or your bank account, credit card account, etc.

Quoting Wikipedia,

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay or online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging and it often directs users to enter details at a website.

I had written on How to spot a fake PayPal email in the past and it was well received. Today, I received an improved version of another PayPal phishing attack by email. I think this is another good chance to raise awareness on such attacks and what you should be watching for.

In the past post, we looked at a few clues that gave away the PayPal phishing attempt. The clues in the last email were:

Read More

Hello newcomer, did I say welcome to ShanKri-la yet? Before you move on, just wanted to thank you for visiting and we hope you come back and see us again!

It’s no secret GTalk client is for Windows only. Linux and Mac users have so far sought out other IM alternatives thanks to GTalk using Jabber protocol for their IM client. I use openSuSE 10.3 as my primary desktop and have had trouble getting some of the excellent IM clients like Pidgin to work behind a proxy.

Thanks to GChat in Gmail, I have been able to use IM even if it has to be within Gmail. I even used a Greasemonkey script for Gmail 2.0 to alert me with the tab flashing when there is a new IM. However, I did find this a little annoying to keep going back to Gmail to check on IM messages. Because, everytime I go into Gmail to see IM messages, I would also end up checking my Inbox and before I know 20-30 minutes would have vanished. This kind of goes against my goal of trying to increase productivity with all these web apps and hacks.

So, I started to run Google Talk gadget in my browser sidebar with a browser bookmarklet. This freed me up from using GChat in Gmail to GTalk in my browser sidebar.

You’d think I’d be content at this point. Not.

Run Google Talk (GTalk) gadget with Mozilla Prism

Mozilla Prism released their 0.9 version last week and I am smitten by the usefulness of it. If you haven’t heard of it, check out my Mozilla Prism review. In that post, I also show how you can run it from behind a proxy at work or school. Since it’s a beta version and a work in progress, they don’t have a straightforward setting for proxy in it’s options yet.

If you don’t want to click over, Prism is a prototype from Mozilla Labs which lets you split your web applications from the web and run it in your desktop as a standalone application. They even allow separate profiles for each Prism app which means you can have multiple Gmail accounts open in different Prism web apps in your desktop.

I have taken this idea and created a Prism web app for the Google Talk gadget and now I have a GTalk client like app running standalone in my desktop!

Here’s how you do it:

1. Install Mozilla Prism - Windows, Mac & Linux installers (v0.9 at the time of writing)
2. Create a new web app with url https://talkgadget.google.com/talkgadget/client
3. Give it a name and choose to save it on desktop
4. You are done!

If you are a Mac or a Linux user, you can now run GTalk standalone in your computer with Mozilla Prism. If you are already using Firefox 3, with this Prism Firefox extension you can just open this url (or any other web app) in Firefox 3 and then directly create a desktop application for GTalk right from your browser.

I see that Prism has an option to install extensions. It doesn’t look like it’ll accept Firefox extensions as it complains that they are not compatible. I even tried turning off compatibility checking but didn’t have much success. I would love to hear if someone has succeeded installing extensions with Prism as that would open up a whole new world of options to these Prism web apps. I am sure it will be obvious in the coming releases. But, I want to make it work today!

GTalk makes it the fourth web app I run in my Linux desktop with Prism after Gmail, Google Reader and Remember the Milk.

What other web application do you see yourself running on your desktop with Mozilla Prism?

Bookmarklets are tiny useful javascript nuggets that can be easily dragged and dropped to the bookmark toolbar in a modern browser such as Firefox, Opera, etc. They can be used to quickly perform a task without having to visit the website/web service with just a single click.

I have compiled a list of bookmarklets that I find useful and use regularly.

• Stumble This! - StumbleUpon Toolbar less stumbling link. Very useful if you don’t want any other extra features that the toolbar provides. Become a power stumbler quickly! [via Firefox Facts]
• Gmail This! - One of my most used bookmarklets. Opens up a compose window with the url I am at in the email body and the title of the page in the subject. Based on a reader request, i previously showed how to create a custom gmailthis bookmarklet out of this for your most frequent contacts.
• Google Notebook - Note This bookmarklet now lets anyone to quickly select a block of text and hit the bookmarklet to save it in Google Notebook. Don’t select anything and hit the bookmarklet to save the url of the page you are in.
• Share This! - A very useful WordPress plugin also comes as a bookmarklet that lets you share a link via different social networks or by email.
• Digg Submit - Submit a site to Digg easily with this bookmarklet
• TwitThis - Send a quick Tweet if you have a Twitter account. (my Twitter account)
• TinyUrl! - Make a long url a short one with TinyUrl with this bookmarklet
• Subscribe.. (Google Reader) - Subscribe to a website/blog’s RSS feed with Google Reader in one click. You could also try a Google Greasemonkey script to do this automatically when you hit any RSS feed.
• Analytics Today (Google Analytics) - This bookmarklet will take you to your Google Analytics account and show you today’s stats for your site. You have to edit this url and insert your Google Analytics id (you’ll see it in the location bar when logged in) where it says .
• RSSFwd - It’s a bookmarklet for a service that lets you have any RSS feed emailed straight to your inbox.
• PassPack It! - This is a bookmarklet for my favorite online password manager program, PassPack. Once setup, it lets you quickly login to websites with your saved username/passwords.
• Add to RTM! - A bookmarklet to add tas
• Google Talk (gadget) - Opens the Google Talk gadget. Read how to open Google Talk gadget in Sidebar here.
• Enlarge Text Areas - Use this to enlarge text areas in forms in any website or blog.
• Zoom images in - This one lets you zoom into images in any website
• Map your Flickr Photos - A very cool bookmarklt that enables mapping, geocoding and geotagging directly in your Flickr photo page [via Sumaato]
• All-In-One Video - The all-in-one bookmarklet supports YouTube, Google Video, Metacafe, Myspace, Break.com, Putfile, Dailymotion, Sevenload, MyVideo.de and Clipfish.de. Bookmark the link below and access the bookmark when looking at videos on any of the supported websites. The bookmarklet will give you the download-link(s) for the video you were looking at.
• SecondBrain - You can easily add websites to your SecondBrain account. (3/13/08)
• PricePinx - Just highlight the price in a product page and use this bookmarklet to receive price drop alerts from ProcePinx. (3/13/08)

A great resource I found while collecting bookmarklets I could use and that might be of interest to you, is Jesse’s Bookmarklet site. He has nicely categorized various bookmarklets into different sections.

Do you know of any other bookmarklets that’ll make this list better? Let me know in the comments and I’ll add them to this list. As the other posts in the Top Stuff series (look below for other posts), this list will be an evolving one with updates as I come across useful ones.

I have become a big fan of opening some of my most used web services/applications in my browser sidebar after starting to use a widescreen monitor. It gives me good use of the extra space I have in the browser with most sites I frequent being fixed width and don’t really have to be as wide as the monitor.

Here are a few things I open in a sidebar right now:

• Open Google Calendar in browser sidebar
• Open Google Docs in browser sidebar
• Open Remember the Milk in browser sidebar

Open Google Talk Gadget in Sidebar

I have been using the Gchat within Gmail for a while now. I have the Faviconize tab Firefox Extension and the Gmail Favicon Alerts Greasemonkey script to get the Firefox tab flashing when there is activity in Gchat. But, I would have to either keep my eye on the tabs (I tend to have a dozen open) or miss someone’s IM for a while until I go back into Gmail.

I recently came across a cool bookmarklet for Google Talk gadget and figured I could use that to open the gadget in my browser sidebar. I love this as the Google Talk gadget offers a few more options than the Gchat in Gmail. You get a ‘Call’, ‘Group Chat’ & offline message (Gchat goes to compose window when a contact is offline) with Google Talk gadget. Plus, chat sessions with different contacts appear in neat tabs. When you get a new message, it creates an easy to notice yellow message blurb even if you are on a different tab.

Also, you get to see your contact’s profile picture in the gadget if they have one.

Here is how you do it:

1. Drag this link to your browser bookmark bar GoogleTalk! OR right click and copy the location and save it as a bookmark
2. Right click on the saved bookmark and open Properties
3. Choose ‘open in sidebar’ option (Firefox & smiliar browsers.. not sure if it’ll work in IE)

That’s it! In Firefox, you can use F4 to toggle the GTalk gadget sidebar window. (Update: This is true only if you are using All-In One Sidebar Firefox extension as that gives you a hotkey to toggle sidebar)

I realize this post isn’t for everyone but with wide-screen monitors replacing the regular ones, I figured you might find it useful.

I love to find new things and would love to hear how you go about using Gchat/GTalk. I am sure this is not the only way and I am always open to new ideas.

Here is some good news for all the Firefox fans who aren’t afraid of trying something at the bleeding edge.

Firefox 3 Beta 3 is available for download now. If you have already been using Beta 2, you’d probably notice the improvements in this new beta release but if you are really interested in figuring out what’s new in this particular release, Lifehacker has compiled a list of improvements.

If you are just curious about what’s in new in Firefox 3 altogether, check this extensive review by Mozilla Links. I couldn’t do justice to this fine article if I tried to do it here again. So, please check it out if you are interested to see if it’s worth checking out a beta release.

Now, if you are like me and want to run Firefox 2 as well as Firefox 3 so you can get the best of both worlds, check out my earlier post on How to run Firefox 2 & Firefox 3 Simultaneously.

How to make Extensions work in Firefox 3?

Also, you’d find that some of the extensions haven’t been made compatible with Firefox 3 Beta 3. You could still install them if you are brave enough to turn of the compatibility checking and don’t care about intermittent crashes and possible security breach that comes with it in a few easy steps. Again, be warned that you are on your own from this point onwards.

1. Type about:config in your location bar and accept the warning message
2. Right click somewhere and choose New->Boolean and enter a new entry extensions.checkCompatibility with value false.
3. Enter another entry extensions.checkUpdateSecurity with value false.
4. Restart Firefox

As I said before, by doing this you are probably opening up a can of worms with this but you might get lucky with running a few extensions that you absolutely need but haven’t been made compatible by the author. I have about a dozen extensions in Firefox 3 beta 3 now working good so far where as I have about 25 installed in Firefox 2.

Download Firefox 3 Beta 3

Happy surfing!

Can you spot a fake email when you see one? Especially, one that might be trying to steal your PayPal login information.

Here is an email that I received, at first look, from PayPal. It warns me if i didn’t sign in and update my billing information, my account might even be deleted!

As authentic as the email might seem - notice the phishing attacks are getting better, the English isn’t as broken as we would see, there is a big giveaway if you know what you are looking for.

Clue #1:

Look at the URL of the link they want you to click in the email. It is made to look like a AOL.com address but all they are doing is using aol.com to redirect it to a IP address which has paypal.com word in the url.

Clue #2:

If you failed to sense something is amiss in the link, you can still spot a major flaw. After you click on the link in the email, if you looked at the Location bar in your browser, you’ll see the url as http://201.155.199.155/icons/www.paypal.com/managament/cgi/. But, look how identical the web page looks like compared to an original PayPal page.

The URL shows that it isn’t a paypal.com address you are at. You are at some other server that has the words paypal.com in it’s URL. This should send a big red warning signal to you. IP location software points this server to be located at Cordoba, Mexico.

Once you have missed the second clue, it is very hard to turn back after that because they have copied everything from the real Paypal login page except they have their own PHP script behind the login form. All the links in the fake page actually point to the PayPal’s website as is common in most phishing sites.

Here is the fake PayPal login page:

(fake PayPal login page)

Here is the actual PayPal login page:

(actual PayPal login page)

Once you enter your login credentials and hit Login, you have just given access to your PayPal account to someone else.

Clue #3:

There is another subtle clue that may not be apparent. The page has some extra characters that is totally out of place but hard to spot. I don’t know if it’s a typo or carelessness or if it’s a code for the phishers but mostly likely a typo.

How can you protect yourself from phishing attempts?

You might not be using PayPal but there are many phishing attempts everyday at many financial websites such as Bank websites, Credit Card websites, etc. And it will pay to be careful when you access your accounts from emails such as this.

Here are a few things you could do to protect yourself:

• Look for the clues mentioned above and as you can see they are nothing special but just common sense.
• If you really believe the email could be a real one, just login to the website from your own bookmark to the website or by typing the web address in the browser instead of clicking the link in the email. By practicing this all the time, you wouldn’t even be vulnerable for that one time when you might be tired or not so alert or sleepy and click the link in an email.
• Use a secure browser such as Mozilla Firefox, which has a phishing filter and shows a warning when you access a known phishing site. Internet Explorer 7 and newer browsers also have a similar feature so it pays to upgrade your IE 5/6 to newer versions.

If you are Internet savvy, this is all too familiar to you. But, we all know someone who may be unaware that such attempts are made everyday and we should try to educate them so they won’t be caught unawares.

Update: 6/24

I received a second PayPal phishing attempt and you can read it about it now.

In the last couple of weeks, we saw how to run Google Calendar & Google Docs in your Firefox sidebar. Now, let’s see how we can my favorite online task manager in a browser sidebar.

For those unaware, Remember the Milk is an excellent online task manager with awesome features. Remember the Milk (RTM) for Gmail Firefox extension made it possible to have Remember the Milk open in a sidebar right within Gmail. And I love the implementation.

But, not all of us use Gmail or have Gmail open all day to access Remember the Milk anytime. No worries though. You can have it open in the sidebar anytime by using the url for iGoogle gadget for RTM.

Just create a bookmark named something like ‘RTM in sidebar’ with the url http://www.rememberthemilk.com/services/modules/googleig/ and check the ‘load in sidebar‘ option. The iGoogle gadget version doesn’t have the full blown features of the Gmail Firefox extension but it is simple enough to quickly check tasks and add tasks.

I like this option for the rare times when I don’t have my Gmail open. I can see how this could be a great option if you don’t use Gmail or just don’t have it open all the time.