Sunday, February 16, 2014

Phishing nearly caught me

So I'm doing a little leisurely Sunday web surfing.  I leave the machine to make a cup of hot chocolate.  When I get back, I have a new window open, one I've never seen before.  Looks official.  And it says there is an emergency browser update, hot off the presses, and I ought to click right here to install the update.  It will only take a few seconds. 
  I nearly clicked.  Which probably would have been a big mistake. 
  But I hesitated, and thought.  This isn't the way Firefox updates.  They never do a full screen window, their update routine looks different.  In fact, I just updated Firefox to version 27.0.1  a couple of days ago.  And it didn't look anything like this.  So, I closed the window, closed Firefox.
   Restarting Firefox, I clicked on the "check for updates" button inside Firefox, and lo and behold, Firefox reports himself all up to date.  So much for emergency browser updates.
   The scary part is, that update browser window managed to force itself onto my PC with no help from me.  That's kinda unusual.  Then it wanted me to click on a button.  I wonder why.  Here is a hostile website, powerful enough to move into my computer all by itself.  Anything that powerful can do pretty much anything it pleases.  Why does it want to get a mouse click from me? 


Anonymous said...

Got the same suspicious windows urging an immediate upgrade to 27.0.1, BUT the links did not resolve in the lower-left corner, nor was it an HTML program.
Firefox has said noting about it --- maybe they are stuck in the snow!

Dstarr said...

There is a good chance this phish never came anywhere near the Firefox people. I didn't report it to them. I wonder if anyone did?