SPREAD THE VOICENews to know: beware of phishing scams!
Journal Entry: Wed Aug 31, 2011, 8:20 AM
There is currently an individual or group of individuals who have created a fake deviantART login page, and they're using hijacked accounts to continue to share the URL of the fake page.
Please spread the word:
If you click a link that directs you through the deviantART "There Be Monsters Out There" outgoing link page and you unexpectedly return back to deviantART while logged out, check the URL of where you are before entering any of your details.
The proper URL for the actual deviantART login page is: deviantart.com/users/login. (Note that there is nothing between "deviantart" and "com" except for a "dot.")
If you find yourself unexpectedly logged out after clicking an offsite link, immediately check the URL to see if anything extra has been added -- this would indicate that you are in fact on a third-party website masquerading as deviantART. For example, if the URL reads something like deviantart.[something].com/users/login then you are no longer on deviantART and you should not attempt to login.
If there are any words at all between "deviantART" and "com" then you are on a phishing site -- solely focused on trying to steal your account information. Do not enter your details!
In addition, please note that our main login page always shows on https (secure login).
We are currently tracking and banning the accounts being used to spread this scam and have blacklisted the actual URL of the phishing site. We've also contacted the company involved in hosting the phishing attempt(s) and have their cooperation in remedying the situation.
In the meantime, the phisher may move to using URL shortening services in order to bypass the blacklist against their own site, and if this is the case, we will move to blacklist these shortening services, as well, at least temporarily.
While we do understand that URL shortening services (such as bit.ly) are popular and well-used, we will be putting the safety and security of our members ahead of the convenience offered by these services. So if you are a routine user of such a service and your use is suddenly blocked, please be aware that it is not a bug but a security measure which we have put into place for a period of time.
Thank you for your understanding. We also thank you for your vigilance in reporting this incident to us. Please note that we care about your safety elsewhere on the Internet, and these tricks -- knowing how to spot a fake URL and looking for the "https" secure login -- is good advice for any site you frequent and log in to. Feel free to pass on this information to your friends and watchers so that we can help prevent further spread of the attacks.