Beware of Fake Sites Masquerading as Megaupload

Dennis Faas's picture

The recent shutdown of file-sharing site Megaupload by the U.S. Department of Justice (DoJ) has resulted in a number of phishing attacks, directly targeting fans of the former service.

Phishing is a tactic used to acquire legitimate information, such as usernames, passwords and credit card numbers, by masquerading as a trustworthy person or organization. Users unknowingly provide their personal data for use in scams and frauds.

A classic phishing attack (still used today) might be an email reportedly from a bank (or similar institution), stating that your account has been suspended. The email will then go on to ask that you fill out all your personal information to re-activate the account.

In this case, however, scammers are pretending that the Megaupload web site still exists and are asking for personal information.

Before it was shut down, Megaupload accounted for almost 1 per cent of all traffic in North America, right up there with Facebook.

URL, Spelling Errors Signal Phishing Attack

The fake "Megaupload" sites are pretty obvious, if you look close enough. (Source:

For example, two of the fake sites use a numerical IP address as its locator (such as: http://123.456.789.10) instead of resolving to the proper domain name, such as  "". If you ever see a website resolve only to an IP address, it's a strong indication something is likely amiss (but this is not always the case).

Pretending to be the new location for Megaupload, the fake sites proclaim "This is the NEW MEGAUPLOAD SITE! We are working to be back full again".

Another way to tell if a website is legitimate: check for spelling and grammar errors. If the site-builders can't correctly spell their own site's name or its major pages, chances are it's a fake, and probably a dangerous place for Internet users to visit.

Security Expert: Fake Sites Take Any Input

Don Bowman, CTO for Internet traffic equipment vendor Sandvine, suggests another way users can ferret out a a fake website is to purposely use a bogus login name and password when logging into a site.

If the site accepts an incorrect login and password, it's likely a spoof in hopes of harvesting user names and passwords. (Source:

At the time of this writing, at least two fake Megaupload numerical domains have been spotted in the wild online the Internet, both claiming to be the next generation of the former Megaupload site. Experts are urging users not to visit any sites masquerading as Megaupload.

And while some loyalists remain hopeful the site will come back as a legitimate file host service, others say Megaupload is fading into memory, each passing day.

"Either they (Megaupload) get it back online shortly or everyone forgets about it and moves on," said Bowman. (Source:

Rate this article: 
No votes yet