IN CASE YOU HAVEN'T SEEN IT! CSRF/Phishing attack
Originally posted by markf at CSRF/Phishing attack
There is currently a CSRF designed to mislead you into believing LiveJournal is requesting your username and password, when the data is actually being requested by a third party who is trying to gain access to your account.
The attack will appear as though someone has left you a comment, but an image similar to the following will appear requesting your password:
The domain used, liv i ejournal.com, is not livejournal.com, and you should not enter your password into any popup like this which appears. The domain used by the attacker could change at any time.
If you have entered your username and password into any popup like this, you should immediately change your password at https://www.livejournal.com/changepassword.bml.
If any content has been deleted from your journal by someone other than you, please submit an abuse request.
There is currently a CSRF designed to mislead you into believing LiveJournal is requesting your username and password, when the data is actually being requested by a third party who is trying to gain access to your account.
The attack will appear as though someone has left you a comment, but an image similar to the following will appear requesting your password:
The domain used, liv i ejournal.com, is not livejournal.com, and you should not enter your password into any popup like this which appears. The domain used by the attacker could change at any time.
If you have entered your username and password into any popup like this, you should immediately change your password at https://www.livejournal.com/changepassword.bml.
If any content has been deleted from your journal by someone other than you, please submit an abuse request.