hi5 is a social network, much like Facebook or Myspace. A fake email has been going around pretending to be from someone called "Sarah xxx" (the name could change), and asking the reader to add them as a friend. The message says:
hi5 Friend Request from Sarah xxx
I’d like to add you to my hi5 friends network. You have to confirm that we are friends, and we’ll each get to meet more people. Please approve or reject my request by accessing the hi5 web site:
This seems real enough but there’s one serious flaw. They include a link you can click on (where it says "Accept Friend"). Clicking on this link doesn’t take you to hi5′s web site, instead it takes you to a phishing site.
Assuming you had a hi5 account, when you enter your login details into the fake hi5 login page the system records your username and password and shares it with the criminals running this site.
Like all phishing sites, it’s just a fake page designed to steal your password.
What can you do?
- If you use hi5 or any other social network, when you receive a notification email you can go their web page yourself, without clicking on the links in the email. In other words, open a web browser and type in the name of the web site (or use a bookmark).
- When you see a link in an email, place the mouse pointer over it for a couple of seconds. Most email clients will display the real address it points to. Of course it helps to have a bit of experience recognising real addresses from fake ones – read this FraudO article to learn more.
- Use a good anti-virus package. The big commercial packages scan your emails for fake emails like this one and filter them out. They also scan the address of every web page you go to and if it’s known to be a scam they’re filtered out too.
- And if you don’t know anyone called "Sarah xxx" who signs her name as "Adelina" then you can just ignore the email entirely.