“Pics for MSN Friends” Steal Your MSN Passwords
Filed in: Security — July 10th, 2008
Recently, I am getting strange URL from my MSN friends. Clicking the link will lead to a “Pics for MSN Friends” web page with a login form asking for your msn email and password. DO NOT submit it!
Do not fall into the trap! If you submit your email and password, they will use your MSN account to send messages to your friends on your behalf.
Quote from the “pics for MSN friends” site:
We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.
That’s scary!
There is a Terms of Use / Privacy Policy at the bottom of the page. Basically, it tells you that they have the right to use your MSN account to spread unwanted messages. The page appears to be created by “TST Management, Inc”
There are many variants of the URL but all have the same login form. For more information on terms and conditions of the page, please refer to the great write-up of Jalaj.
What happens if I submitted the form?
Your MSN friends will probably get the same URL from your account and thought it is from you. They might be the next victims and then send the same URL to the friends of your friends…
What should I do?
In order to stop the unauthorized access to your MSN account, you should change your MSN Passport account’s password, in other word, change your Hotmail password.
My two cents
Never ever submit your account information to an unknown website. Don’t trust the links from your instant messaging friends. They might not know what happened. It is good to confirm with them about the link they sent.
Tags: IM, msn, password, pics, TST Management
Comments Feed
TrackBack URL
July 10th, 2008 at 8:53 am
Also, to stop this web phising, one should report it. I always report whenever I receive any email or IM message that prompt for login details. There has been a lot of instances of phishing for our online banking login as well.
To report
Firefox: Go to HELP > WEB FORGERY. This will sen the site info to Google database that will warn you phising websites in the future.
Internet Explorer: Go to TOOLS > PHISIHING FILTER > REPORT THIS WEBSITE.
July 10th, 2008 at 11:40 am
Microsoft might also be interested in this highjacking of their user’s accounts and spam.
In the meantime… is anyone interested in submitting piles of made up account information to this phishing form?
July 10th, 2008 at 10:09 pm
I will never click on the link that sent from my friend. Unless they told me about the website. It is always better to take precaution.
July 10th, 2008 at 10:49 pm
nasib baik tak kena lagi=p
July 11th, 2008 at 12:51 pm
Thank god that I am not a MSN user!
July 11th, 2008 at 3:18 pm
yup receive those via IM too but didn’t take the bait. Anyway thanks letting everyone know about this scam.
July 11th, 2008 at 10:56 pm
Yes..been receiving it twice this month.
with an address something like your friends name @msn..bla bla bla
well never fall to anything like this anymore,i’ve learn my lesson last time.
July 16th, 2008 at 4:38 pm
really… i use msn once in while
July 16th, 2008 at 7:01 pm
Well, always beware the virus attack. Dont click on any link send by your friend. verify it first with the person.
July 16th, 2008 at 7:03 pm
hey and ensure you got a anti virus latest version to tackle this problem.
August 17th, 2008 at 10:32 pm
[...] http://www.liewcf.com/blog [EN] [...]