Original link: https://hin.cool/posts/protectqq.html
foreword
I thought that QQ account hacking has become a thing of the past. After all, in the Internet cafes more than ten years ago, as long as you accidentally opened a certain type of website and were guided to download the player, then in all likelihood, your QQ account will be logged in different places. , or the password is changed, and then you have to fill in various information to try to appeal, but you may not be able to get it back.
As early as many years ago, Tencent began to guide users to bind a secure mobile phone, and then a mobile phone verification code was also required to apply for an account. It stands to reason that personal QQ accounts are more secure than ten years ago, but the methods of account hackers are constantly being updated. I was on a friend’s account today, and I received a message by chance, so I used this to talk a little bit.
strange letter
The news received was very common, and even the words could not gain the trust of people with a little common sense. The QQ account can indeed invite friends to assist in verification, but there is no temporary login before the verification is passed.
The vast majority of hackers will publish news through “zombie accounts”, whether it is QQ space or private chat with individuals. Before the popularity of smartphones, the vast majority of hackers hunted people who used computers but had no security protection on their computers. They carried the disguised files of the hacking Trojan to induce the prey to run the programs sent by them. The process of hacking was mysterious. do not feel. If there is antivirus software installed on the computer, they will also induce the prey to temporarily turn off the antivirus software.
After the popularity of smartphones, most hackers took the simplest way, that is, disguising an official page and enticing users to enter the account password. Every time I encounter this situation, I will enter a national quintessence in the password box.
Most users bind a secure mobile phone and turn on the login device lock. Obtaining the account password alone is not enough to gain control over the account. So today’s protagonist looks smarter. He didn’t directly send a fake phishing link, but a QR code. As we all know, the web page opened in the mobile phone QQ will not display the link directly.
After parsing with the decoder, I found that the link is as follows:
http://superfusionfive.com/#/ Note: Good guy, use the top-level domain name directly |
understand each other’s thinking
The page is a normal-looking webpage with a dynamic QR code in the center, a one-click login button below, and the link at the bottom to the official Tencent link.
When I opened it with my mobile phone, I found that this webpage can indeed directly evoke QQ one-click login. When I saw this, I was a little puzzled. What can the other party get after I log in with one click? cookies?
Unable to hold back my curiosity, I finally scanned the code with my own account, and the interface displayed “Login Allowed” and “Login Denied”. Thinking that I was bound with a secure mobile phone number and could retrieve it at any time, I clicked Allow Login.
Then the webpage jumps directly to the verification code input page. The words “Friends’ Assistance” at the top are very confusing. Tencent officials did indeed send a verification code text message.
However, the message content is as follows:
[Tencent Technology] You are [modifying QQ89xxxx23's password-protected mobile phone], and providing the verification code xxxxxx to others will lead to the theft of QQ and loss of assets. If it is not done by me, please change the password. |
Therefore, the understanding of the other party is obviously much higher than that of many hackers. Inducing the prey to change the bound mobile phone number, once Xiaobai believes it is true, then the control of the account is really completely in the hands of others.
follow-up
This phishing website uses a static web page, so it is impossible to try to sweep the background blasting; if it is resolved to cloudflare, there is no way to get a wave of ddos; no valuable information can be found in the Weibu intelligence community.
Every time I encounter this kind of thing, I am so envious of the big guys who can “accidentally enter the background” after discovering the gambling website, but we can’t hope that there will always be warriors who will punish the evil for us, the only thing we can do is protect yourself. I hope that everyone can be more careful when they receive unknown information, see if the root domain name is correct, and contact the sender to confirm through other means.
You see, didn’t the employees of a big Internet company like Sohu suffer from “internal email” fraud?
This article is reprinted from: https://hin.cool/posts/protectqq.html
This site is for inclusion only, and the copyright belongs to the original author.