In association with heise online

07 July 2008, 16:25

Phishing and link spam spreading on MSN

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Anyone getting Instant Messages containing URLs should be even more careful in future, even if the messages are from friends. An avalanche of phishing is now roaring through Microsoft's MSN network, luring recipients to a page that asks for their MSN login data. Those who respond will find themselves on a page displaying a few photographs, which are linked to search queries.

Login dialogue on the MSN phishing page
Zoom Avalanche of phishing on MSN: recipients are lured to a page that asks for their MSN login data.

Evidently a background script checks whether these access data are useful by logging in to MSN as the user. Shortly thereafter, all the account holder's friends are sent messages containing URLs that take them to similar pages.

Although most people never bother, reading the small print of the "Terms of Use" or "Privacy Policy" gives the game away. It's stated there, quite openly, that the access data will be used in order to show friends "new, entertaining pages". It claims not to be a phishing site because, after all, the use made of the data is precisely as described. Anyone wishing to complain, however, should note that Panama is given as the territory of jurisdiction.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit