2luo.com YouTube Phishing? I Hope Not

I just noticed that I tried to login with my YouTube account information at www.2luo.com . I hope it isn’t a phishing or other form of malicious site, but to be safe I changed my password there and on sites where I used a related pattern.

Sorting back through my tabs, I discovered how I ended up on 2luo.com . I had done a Google search for “youtube floyd wall remix”

Visiting the result which I have underlined in red, I’m now at a site that looks like YouTube and behaves like YouTube in every way, except the URL isn’t YouTube. I have reason to worry about anything I submit to the site.

I can hope that it is a harmless reverse proxy, but the whois for that site isn’t reassuring:

kdkkdk
lg ggg (lgvcd@hotmail.com)
+1.90383920
Fax: +1.90383900
kdkk
dkdkkkk, DJ 47738
US

For some reason, I don’t think that they are really in the USA.

I checked at PhishTank and this site hasn’t been reported yet.

I don’t really know how to further investigate, so I will take my fresh minted passwords and get back to other things.

How did it come about that I made this mistake?

I was absent minded and admit to relying on Google and Firefox’s anti-phishing protection. YouTube is a Google property, so there is some irony.

How much was human error?

Recently, human error has been reconceptualized as resiliency to emphasize the positive aspects that humans bring to the operation of technical systems (see Hollnagel, Woods and Leveson, 2006)¹

Within the broad domain of industrial safety, the term resilience has come into use to emphasise that safety must be proactive as well as reactive.²

So, I take ownership for the mistake, and for quickly minimizing the damage of the mistake. My error was distraction. Like everyone else, I’m not particularly good at staying vigilant. That is why as well as reasonable personal responsibility and consideration of habits, we need better tools.

1. Human reliability,Wikipedia [↩]
2. Resilience,Wikipedia [↩]