[fr] Comment j'ai cru que orCut.com était un faux site destiné à ramasser des mots de passe orKut, et un commentaire sur l'irresponsabilité de Google, qui par de telles pratiques encourage les internautes à tomber victimes du phishing.
Preliminary note: although nice blogging tools like WordPress have really sexy interfaces for you to type your posts in, resist the temptation. I won’t tell you more, except that Q and W are right next to each other on my keyboard, and that I’m about to write up this bl***y post for the second time.
So, I’m a bit of a referrer junkie. When I see something new, I usually click’n see. Today, I found this in my recent referrals. Now, since I nearly got phished, I’m a bit cautious, and I immediately noticed that it was orCut and not orKut in the URL, even though (particularly as) the pages on the two sites look exactly the same.
Do you smell a rat? I smelled a phish, and it seems I’m not alone. A quick expedition on google, however, tells us that many think orCut.com is legitimate. Scary! Think of what these people would do with all the juicy information they would get out of our Orkut logins and profiles! And hey, it’s not just orCut, there is orkAt too!
But wait. Everybody freeze! Look what Suw managed to dig out: a May 04 post from Evan William’s blog, telling us orkAt, orCut, and even orCIt are legitimate alternatives to orKut.com. Well, we’re most relieved to know this wasn’t all some evil scam — and Ev should know what he’s talking about, as he works from Google.
However, doesn’t it strike you as a trifle irresponsible on the part of Google to do something like this? I mean, doesn’t this make users more vulnerable to phishing? Next time they get a PayPal e-mail with a fake link in it, are their alarm bells going to ring, after their positive experience with the “alternative Orkut URLs”? Methinks they could at least have specified the alternate URLs somewhere on the home pages. A quick trip to orkut.com would have cleared any doubts of mine. ‘Coz now, who is to stop Orkit.com, or any other nice-sounding possible clone that phishers may come up with?