Even when it’s not a phishing site they might be phishing


Post to Twitter Post to Facebook Post to StumbleUpon

Last week I was busy making plans for my trip to Washington DC and Microsoft’s Worldwide Partner Conference, where I’m scheduled to pick up the Small Business Specialist of the Year award. (still happily amazed) Since the hotels in Washington DC are so very expensive I decided to give Priceline.com a try. 50% off a 4 star hotel was sounding pretty good.

Priceline works like most travel websites except that you name a price that you are willing to pay, the neighborhood you want to be in, the rating of the hotel and then you let Priceline select the hotel for you. It is a way for hotels to fill rooms, even if it’s at a discounted rate.

Naturally the website wants me to create an account and they also want me to select a secret question to which only I will know the answer. Here’s the first question in the list:

security question

I simply laughed. Here is a legitimate website phishing. Were anyone to give them this information then it is very likely that who ever has access to it could log in all over the web as them. Raise of hands…how many of you use the same password on multiple websites? That’s right, almost everyone.

I sent it my findings to a couple of people. Steve Riley (Microsoft speaker, author, noted security guru and now Amazon Web Services employee) picked up the story for his blog. Gotta love the title.

http://stvrly.wordpress.com/2010/06/30/a-rant-in-which-i-heap-scorn-upon-priceline/

Be careful out there.


So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Third Tier
Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN

Leave a comment

Your email address will not be published. Required fields are marked *

This blog is kept spam free by WP-SpamFree.