
Tech Geek and More

Technology Explained for All


Alert: “See Who Blocked You on MSN” Phishing Attacks

    This specific story came out a couple of weeks ago on the TrendMicro blog.  It involves an email that says “(Name of someone you know) has invited you to check who has deleted you or blocked from their contact list on MSN Messenger.”

    In the past couple of days I’ve actually had 2 customers who have received this email and fortunately for them, they asked me about it before clicking on the email.  With that said, here is the post from the TrendMicro website concerning this current Phishing Attack.

******************************************************

From http://blog.trendmicro.com/see-who-blocked-you-on-msn-phishing-attacks/
11:22 am (UTC-7)   |    by Merianne Polintan (Anti-spam Research Engineer)

We have received samples of a new phishing mail targeting users of MSN Messenger inviting them to see who deleted or blocked them from their contact list. Users would be interested to know who among their friends have deleted them from their lists.

Figure 1. Phishing email

Clicking on the link displays the following fake login page asking the user to input his or her password:

Figure 2. Phishing website

It is obvious that the intention of the cybercriminals is to harvest the user’s MSN Messenger login credentials. Afterwards, they can then continuously send spam messages to the account or, worse, they can use the account for their malicious intent.

Getting in touch with friends is now much easier than before. Because of the growth of social networking sites, we can stay connected with our old friends, or even find new ones. This may include reading the profile pages of other members, sending and receiving invitations to fun games, videos and other applications. However, users must be on guard when interacting within online social networks. Spammers are now abusing these in their phishing attacks.

Always be mindful in accepting “invitations”, especially when it concerns your personal information. This particular spam message, and the associated website, are already blocked by Trend Micro products via the Smart Protection Network.

*********************************************************

    Now let’s go over what the TrendMicro blog said. With phishing, the bad guys try to get your information so that they can then get access to your account.  Once in your account, they can use your “legit” account to help spread the malware, and possibly also get at banking or other financial account information, considering that these days it’s very common for people to keep emails or other notes that may contain account information.

    In a related note, another news story posted today (10/5) by Neowin.net reports that over 10,000 Windows Live user names/passwords were posted online in the past few days, which most likely means that the bad guys got that information via a phishing scheme like the one explained by TrendMicro.  The compromised accounts affect Hotmail, Windows Live Messenger, Zune, and Xbox accounts, to name a few, as most people share the same sign-in throughout the various Microsoft online sites and offerings.  The complete story on the password posting can be seen at http://www.neowin.net/news/main/09/10/05/thousands-of-hotmail-passwords-leaked-online

     Here are some of the most important things to keep in mind when using email, instant messaging, Twitter, any social networking site, or basically anything on the internet:

1) Regularly change your passwords. I know this one drives most people nuts, but changing your passwords can prevent someone else who knows your password from accessing your account. (If you currently use any Microsoft online passwords like Hotmail, Messenger, Xbox, Zune, etc., it is highly recommended that you change your password and your secret access code immediately due to that breach.)

2) Do not use the word “password” or “admin” or “bank” or “your name” or anything that anyone over the age of 5 can guess.  Passwords should be what is called alpha-numeric, including caps and symbols, which means that it should look something like this: Pa55w0rd@ (which is the word password with a capital P, followed by the number 5 twice instead of the letter s, a zero instead of the letter o, and the @ symbol at the end).

3) If you receive an email from “a friend or relative or your bank or the IRS or anyone at all” asking you to click on a link or enter any private information, before doing it, check with them and ask if they sent it and confirm why they are asking.  Those few minutes lost verifying if this is legit will save you a ton of headaches and save you from paying me a ton of money (not that I don’t want you to pay me a ton of money, but I’m here to help you, so this is your warning: no matter how much you really, really want to, don’t do it, or at least verify that your bank account has enough money to pay me when I have to go out and clean up your mess).
