2luo.com YouTube Phishing? I Hope Not

I just noticed that I tried to login with my YouTube account information at www.2luo.com . I hope it isn’t a phishing or other form of malicious site, but to be safe I changed my password there and on sites where I used a related pattern.

Sorting back through my tabs, I discovered how I ended up on 2luo.com . I had done a Google search for “youtube floyd wall remix”

2luo.com in Google Search Results for YouTube

Visiting the result which I have underlined in red, I’m now at a site that looks like YouTube and behaves like YouTube in every way, except the URL isn’t YouTube. I have reason to worry about anything I submit to the site.

I can hope that it is a harmless reverse proxy, but the whois for that site isn’t reassuring:

kdkkdk
lg ggg (lgvcd@hotmail.com)
+1.90383920
Fax: +1.90383900
kdkk
dkdkkkk, DJ 47738
US

For some reason, I don’t think that they are really in the USA.

I checked at PhishTank and this site hasn’t been reported yet.

I don’t really know how to further investigate, so I will take my fresh minted passwords and get back to other things.

How did it come about that I made this mistake?

I was absent minded and admit to relying on Google and Firefox’s anti-phishing protection. YouTube is a Google property, so there is some irony.

How much was human error?

Recently, human error has been reconceptualized as resiliency to emphasize the positive aspects that humans bring to the operation of technical systems (see Hollnagel, Woods and Leveson, 2006)1

Within the broad domain of industrial safety, the term resilience has come into use to emphasise that safety must be proactive as well as reactive.2

So, I take ownership for the mistake, and for quickly minimizing the damage of the mistake. My error was distraction. Like everyone else, I’m not particularly good at staying vigilant. That is why as well as reasonable personal responsibility and consideration of habits, we need better tools.

  1. Human reliability,Wikipedia []
  2. Resilience,Wikipedia []
Possibly Related Classroom Projects From DonorsChoose.org Powered by Social Actions
This entry was written by Lloyd, posted on January 18, 2008 at 6:01 pm, filed under Web and tagged , , , , , , , , , , , , , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

4 Comments

  1. Avatar Jeffro2pt0
    Posted January 20, 2008 at 3:41 am | Permalink

    So does this prove that even knowledgeable human beings can still make mistakes that we know, shouldn’t happen? Good thing you caught onto the domain name before it was too late. And I agree, that whois information is looks pretty shabby.

  2. Avatar HiP.P
    Posted February 20, 2008 at 12:23 pm | Permalink

    Lloyd, if you find anything out about the 2luo site email me

  3. Avatar Bob Weigel
    Posted February 29, 2008 at 12:43 am | Permalink

    I just had the same experience. I caught a google link to some debate I was going to post in and it was about the time for my login to expire I figured so the question seemed normal and I didn’t think twice but quickly altered my password after realizing the address was this other site with youtube icons all over it! Man…

  4. Avatar SP
    Posted April 6, 2008 at 3:53 pm | Permalink

    I stumbled across that site once. I changed my YT password before they (might have) came to hack me.

One Trackback

  1. By Denuncia | ¿Qué es 2luo .com? on March 10, 2008 at 4:16 am

    [...] comencé a buscar referencias, pero nadie ha hablado de este tema, excepto una página en inglés hace un par de meses, ellos ya se hicieron la misma pregunta, pero parece que finalmente no sacaron nada en claro, el [...]

Post a Comment

Your email is never shared. Required fields are marked *

*
*