Wanderer D 5,290 followers · 59 stories

Patreon | Ko-fi are available for subscriptions/donations! Helping pay my bills helps me write more!

News Archive

  • 15 weeks
    All Our Best [Royal Canterlot Library]

    As should be obvious from 15 months without a feature, life has taken the Royal Canterlot Library curators in different directions. While there’s still plenty of awesome stories being written in the My Little Pony fandom, we’re no longer actively working to spotlight them, and it’s time to officially draw the project to a close.

    Thank you for all of your support, suggestions, and comments over the years. We’re grateful to have been able to share seven years of exemplary stories with you, and give more insight into the minds behind them. In the spirit of the project, please keep reading and recommending fantastic fics to friends—the community is enriched when we all share what we love.

    Read More

    91 comments · 10,032 views
  • 20 weeks
    Jinglemas 2021 has come to a close!

    Jinglemas had 114 stories written and exchanged this year!
    You can read them all here, in the Jinglemas 2021 folder!

    Jhoira wrote The Hearths Warming Eve Guest for EngageBook
    GaPJaxie wrote Twilight and Spike Hide a Body for Telly Vision
    SnowOriole wrote The Armor Hypothesis for BaeroRemedy
    snappleu wrote Words Said So Often That They Lack Any Meaning for Trick Question
    NeirdaE wrote Starlight and Trixie Direct a Play for Moosetasm
    Ninjadeadbeard wrote Garland Graveyard Shift for NeirdaE
    Roundabout Recluse wrote Apples to Apples for Ninjadeadbeard
    MistyShadowz wrote The Times We Shared for NaiadSagaIotaOar
    Petrichord wrote A Gentle Nudge for Angel Midnight
    Jade Ring wrote Past, Future, and Present for Frazzle2Dazzle
    Jake The Army Guy wrote The Big Talk for Dreadnought
    The Red Parade wrote Heart Strings for Franso
    Greatazuredragon wrote A Hearth’s Warming Question for GaPJaxie

    Read More

    19 comments · 5,022 views
  • 50 weeks
    Reunions: A Swapped Roles Contest!

    Okay guys here's something fun presented by Nitro Indigo.

    Presented by me, I guess, but I digress.

    Last year, I (Nitro Indigo) noticed that there was a surprising lack of roleswap fanfics on this site. To fix that, I decided to run a roleswap contest over the summer themed around secrets. While it didn’t get many entries, it nevertheless attracted the attention of some big authors and was the origin of two of my favourite fics. Overall, I think it was a success, so I’ve decided to run another one!

    Read More

    56 comments · 12,053 views
  • 123 weeks
    Minor Rules and Reporting Update

    Hope everyone is enjoying the new year.

    Some small changes have been made to our rules as well as to the reporting process.

    Rules

    "No attacks directed at individuals or groups due to race, gender, gender identity, religion or sexual identity."

    This better clarifies our previously ill-defined hate speech rule and includes groups as well as individual attacks.

    "No celebration, glorification or encouragement of real life criminal activity."

    This includes past, present and potential future crimes.

    Read More

    747 comments · 14,163 views
  • 125 weeks
    Jinglemas 2019

    There's truly no time like the holidays. What's better than copious amounts of food, quality time with family and friends, hearing the sweet sound of Trans-Siberian Orchestra on repeat, and unmanagble financial stress from our capitalist overlords?

    Gift exchanges of course!


    Our Own Little Way of bringing Hearth's Warming to Fimfiction

    Read More

    28 comments · 6,992 views
  • 145 weeks
    "Ponyfic: There Can Be Only One" wrap-up [Royal Canterlot Library]

    We're still recovering this week from the fandom's final Bronycon.  (In some cases literally — a con-crud-ridden Horizon is dragging himself out of bed to write this.)  So in lieu of a Bronycon-week feature, we'd like to talk a little bit about the panel we hosted to find THE FANDOM'S BEST FANFIC™.

    We've got a full writeup on our royalcanterlotlibrary.net website — including the complete bracket of 16 fics in contention for the title; shout-outs to great fics which we couldn't fit on the shortlist; and the full results of audience and curator voting.

    Our hearty congratulations to Monochromatic's "The Enchanted Library" for taking the BEST FANFIC title in an upset victory over our #1 seed!  We'll be running an interview with Monochromatic as soon as possible.

    25 comments · 4,963 views
  • 146 weeks
    Come See Us at Bronycon! [Royal Canterlot Library]

    The run-up to Bronycon has been a mad whirlwind of RCL activity!  Five curators are attending (two for the first time!), and one of us is an official community guest. Several of us are participating in the Golden Oaks Bookstore (as author, author and publisher).  And we're even running a panel!

    Read More

    29 comments · 3,177 views
  • 177 weeks
    Merry Christmas

    Hope you all have a great Christmas full of lots of food and fun times. Also ponies

    ~From everyone on staff

    110 comments · 4,237 views
  • 199 weeks
    Galacon

    I will be at galacon this weekend so if you see me feel to say hi!

    50 comments · 3,968 views
  • 203 weeks
    MLP BOX T-Shirt Contest

    Hey guys, MLP BOX are doing a competition for a t-shirt design to be included in one of their boxes, and since I know we have a mix of people here including artists, we thought it'd be a good idea to promote them so you guys can get in on it too. Below you can find more information about the contest:

    Brony.com and MLP BOX have launched the first in a series of "Design a MLP T-shirt" contests over on Brony.com.  The winning design, voted on by site visitors,  will not only be featured on a shirt but the winning designer will also win $1000 dollars pending approval of their design by Hasbro.   Second and Third Place will also receive a cash prize.  All winning designs will be printed and be made available in t-shirt form for sale through the Brony website.

    Read More

    16 comments · 3,865 views
Apr
23rd
2022

Site Post » Phishing Awareness · 10:23pm April 23rd

Have you ever found yourself in a situation like this?



And then you magically find yourself in a suspiciously familiar site, except that you're not logged in, and it requires you to do so?

Well. Don't log in. This is a scam, and a cheap one at that. 

There've been recent attempts to obtain Fimfiction users’ personal data, like passwords and/or emails through links like the one I'm making fun of above. And a distressing amount of people don't seem to know what phishing attempts are.

If you HAVE entered a site like this and put in your data, make sure to follow these basic steps at least.

These accounts are then used to further post fraudulent links to trick others. Bear in mind, "just because it's a fimfic account" doesn't mean that the data obtained cannot be used for worse things than simply posting more messages to gain access to more accounts. That's not their final objective.

Given that we're a community and communities should help their members when possible instead of simply leaning back and watching them suffer, I have decided to put up a handy little guide for y'all. Now, this is not a comprehensive guide on how to avoid BITB attacks or stuff like that, but a general familiarity with what is common out there can help.

So, D, you ask: "Besides questions about how you ended up being such a handsome SOB, my burning curiosity right now is focused on this word you used. Why is this scam named so similar to a sport that can be summarized as sitting on a bench or boat with a line and a hook waiting for oblivious swimming animals to bite and be lured out of the water so they can be butchered called... oh. Oooooooooh."

Yes. That is why it's called Phishing. The lure being a link, or a text message with a link, or an email that urges you to click on this link to save yourself from having your money vacuumed by pirates, etc. Usually there's "tells" for emails and such sent to companies with bad grammar and such, but in the comments here... that's, let's just say not unusual enough to raise eyebrows.

The idea is that by clicking that link you are providing these people with data that they can use against you. IP, possibly email, and even your password if they trick you into putting in your credentials. 

THIS IS WHY TWO-FACTOR AUTHENTICATION IS YOUR FRIEND AND YOU SHOULD BE USING IT HERE AND EVERYWHERE ELSE IT IS IMPLEMENTED.

Yes that is optional but it's also stupid not to use it. There. I said it. Use that. The codes, phone numbers or text messages automatically required by 2FA could be your lifeline, especially if you're one of those people that use a single password for everything.

Which let me make clear: DON'T. HOLY CELESTIA, DISCORD, AND LUNA! DON'T DO THAT! If you do, make it your mission to fix that sh*t NOW. 

Any one site can be spoofed. Any text message you receive can be clicked on if you're distracted. Any email can look legit unless you're paying attention.

This is for your safety. This is not a joke.

People are taking advantage of your lack of information. You've all heard the stories of old people getting duped by scammers from India to give them their money by convincing them to buy Apple Gift Cards. This doesn't only happen that way, and it's not just old people that are targeted.

Keep track of what's happening out there and remember to protect yourself. There are many ways to keep updated.

We can tighten up security in the site, but ultimately you are the last line of defense against scammers. These sad, bitter, less-than-human morons take advantage of ignorance. Don't let them win.

If you believe you have been a victim of a phishing scam here, please make sure to contact us.

Report Wanderer D · 6,715 views ·
Comments ( 159 )

I've seen these scams so many times, I instinctively avoid all links that beg me to click on them.

Yeah, i remember almost falling for one in discord a couple of years ago. The robotic way the user was answering my questions and how quickly responded should made it clear that I was speaking with a bot. Either way, when i asked the admins of the server I shared with the scammer I was informed of the ploy the scammer was using. Since then I’m more carful.

It’s amazing how you also took the time to create those first three screenshots.

Recently we’ve also been getting some weird blogs in foreign languages with very sus links as well.

SockPuppet #5 · 4 weeks ago · · 2 ·

Get all of thou a password manager and use a different thirty character randomized password for every site. I like 1Password.

Yeah it’s ridiculous who has ever logged out

I'm guessing whoever's doing the phishing is the one downvoting every comment here

if so, we know it's you m8 - you're not very good at this

SockPuppet #8 · 4 weeks ago · · 1 ·

...and some butthurt baby downvoted all the comments. I think you found your spammer, D.

CharonX #9 · 4 weeks ago · · ·

5652796
Exactly.

Also, if you use a manager with browser integration it WILL usually tell you "Oh dear, I don't have ANY login+password for www,phishingsite,whatever" which is an excellent secondary fail-safe in case you fail to spot the scam and click on the link.

I mean, one should always check the URL. That screenshot clearly says "fimficton," like it's some kinda friendship weight measurement. And any popup message telling you about server errors (5xx errors) should be considered very sus. Most respectable server admin's will ensure those errors have a dedicated page.

Also, your "totallylegituser" screenshots are great!

It's worth mentioning that you can hover your mouse over a hypertext link and you'll get a preview of the link's address, so you can see where it'll actually take you. Most browsers display that preview in the bottom left corner of your browser, iirc.

5652796
Yup. It takes a lot of time to reset all of your account's passwords to a password manager but it's totally worth it. I like to use Bitwarden for my needs.

5652804

It's worth mentioning that you can hover your mouse over a hypertext link and you'll get a preview of the link's address, so you can see where it'll actually take you. Most browsers display that preview in the bottom left corner of your browser, iirc.

Doesn’t always help. Link shorteners like bit.ly (the use of which is yet another clue that a link should be treated with suspicion!) can obfuscate the actual URL until the link is clicked. That said, there are browser extensions that can unshorten such links for perusal without following them.

Thanks for letting us know. Was getting worried when that banner warning popped up. Will be on guard for sure.

Luckily I'm naturally suspicious/paranoid of links like that by default, but still, gonna be keeping my eyes open.

There’s an easy trick to deal with this. Check the site. Look for any inconsistencies in the layout, not just the URL (although that is usually the smoking gun, at a glance you may not notice). I know for a fact that AO3 mirrors often feature strange details that give them away, like missing interface options and weird bugs. I wouldn’t be shocked if the same goes for stuff like this.

Yes to everything above and below. And one of the most important things is to always be aware of what you might be clicking on.

True story: just the other day I got a text that my Wells Fargo credit card had been frozen due to suspicious activity, please click the link to correct the issue.

Two small issues with the text.
1. It directed me to a tiny url link which I don't think any legitimate vendor would ever use. :twilightoops:
2. I do not have, and never have had, a Wells Fargo credit card. :pinkiehappy:

Things like this are why I never even open any text messages unless I'm fairly confident that it's legit. Don't want to accidentally send a read receipt to the potential fisherman.

oh, come on. they could at least try a less obvious trick.

like i would ever log out

or close my site window

or respond to a comment

I've been the victim of two scams, one of which fits this description. You may feel like you'd never fall for this, like I did, but the attempts never stop and eventually in a moment of weakness where I was overwhelmed by life coming at me all at once, my mind was busy with other problems and I didn't think twice. I have two-factor authentication everywhere that I can get one now. This was a very expensive life lesson.

I've been noticing some of those myself, though I didn't think to consider what exactly it was they were trying to accomplish. As a result, in the process of reporting some of those accounts, I — in immediate hindsight, really stupidly — clicked on two or three links to be 100% sure they were from bots. (I was operating under the erroneous assumption that they were "only" adbots trying to sell me things.)

With a singular exception (a fake login page I immediately exited out of), they all led to "404 error" messages, though I'm not entirely convinced that's what they truly were. I never entered any personal/account information, but would you suggest I change my password — or anything of the sort — just in case?

Either way, thanks for the heads up.

Wanderer D
Moderator

5652815 Yes. Change your password. And make sure that if you use it for any other site, you also change the ones there. Like 5652796 said, a password manager is a good idea.

Oh dear 😳

I got one a few days ago, but luckily my antivirus blocked it when I clicked it (I know, I know, I still beat myself over it) and I didn't enter any information, just got a heart attack for a second and understood what SpongeBob felt when he got hooked.

Followed the steps and learned a good lesson that day.

I had a feeling something was up when I saw that banner.

5652816
I just went and preemptively changed my password anyway.

Me who passed Computer exam: *prepared everything*

Sincerely appreciate the heads-up. :twilightsmile:

At last, a look into Wanderer’s internet tabs…

My question is why do they even want to phish brony information lmao

This should be part of the decade of schooling most developed countries force you to have. I mean, it's actually part of the curriculum now (or it was when I went to school up here in Canada, but I can't speak for the Uneducated States of America), but you might be shocked how old some of the people here are.

Honestly, someone leaves me a comment like that, I'm probably either ignoring or reporting it.

Of course, I also have a tendency not to respond to "Hi! How are you?" PMs, even when they look legit. I'm not exactly the most social...

--Sweetie Belle

5652828
The email, password, etcetera — especially if they're being used across sites — can be the phishers' gateway to more "valuable" information.

I wish Google would let me disable the simple 2FA "prompts" sent to Android in favor of using only the more complicated options. I'm terrified of accidentally accepting a fraudulent one.

I’ve seen enough from my email. Never thought I’d get one from this site too.

I saw that banner and I was like :trixieshiftleft: “What happened?”

5652830
Well, that explains it.

Least I know why, I won't bother ya again.

Thankyou for providing information on this. A lot of times from what I've experienced a tell tale sign of a scam is that someone is insisting that they're not scamming you. The fact that the guy said this was a totally legit website should cue people in that it's a scam.

What I find funny is even the website URL says, 'totallylegit' in it! LOL

But either way I think this is good that you're taking steps to inform people of what's going on. The fact that comments on this post are being downvoted means somebody doesn't like that you're calling them out on their shit. I love immature people, don't you?

I hate scammers and hackers a like. They need to get off their butts, get a job and stop stealing from people. I don't like scammers and hackers because they're the worst kind of thieves.

I was confused on why I wasn’t signed into this site so I just left that sight and focused on my writing. Glad I did that.

Dang that’s scary, feel like it’s best for me to not log in till it’s over. Or at least only log in to write a story I’m writing...

I do have a question, are embedded links safe or should we be careful of them too?

Also, if someone were to press the link on accident would they and their account/data be safe if they quickly close the tab? Or would they need to do more?

Must be getting really bad if this site has to make a post like this.

Dan

SMS 2FA has flaws of it's own, but it's better than nothing.

I actually liked the authenticator keychains that some places like The Old Republic tried to popularize a while back.

Dan
Dan #44 · 4 weeks ago · · ·

5652832
You cannot have a google account and have any expectation of security. Every word of their "Privacy policy" and account security pages is a lie.

Use FreeOTP+

Google is trash.

in the words of Dante

Dan

5652823
Oh? Which one?

Pretty much anyone can get an A+ Cert.

CCNA is where the fun is... That's what I'd say if Cisco weren't stool pigeons for the NSA pigs.

What a bunch of A-holes! For trying to do that to us, or anybody else. Thanks for that nice warning.

5652844
Got a 50/50 on my last Computer exam. That's all I have to say.

5652838
Are you referring to embed links such as YouTube videos?

Login or register to comment