Saturday 15 August 2009

I was nearly caught by this MSN messenger phishing scam (I think) pointing me to some interesting photos of me

All of a sudden a popup appeared telling me that one of my MSN messenger buddies had found some interesting pictures of me on the Internet… this of course raised my curiosity so I clicked on the link to the pictures. 

A web form opened:
MSN phishing login page
“Welcome back!  Please login with your msn to continue…  pics for msn friends 1.1c  currently 37 pictures in private gallery.”

So, not thinking too much :( and knowing that the original MSN message came from one of my buddies, I typed in my MSN email address and then my password.
I was about to press enter, when I realised something was amiss.  I’m not sure what triggered my suspicions (perhaps it was the poor capitalisation), but I decided to read the “Terms and Conditions” page (pasted below, with all the original spelling mistakes, and “interesting” statements underlined).

Well, after reading the “Terms and Conditions” page, all I can say is “At least they are being honest about being dis-honest”!!!!  And needless to say, I decided NOT to press the “Sign in” button.

OK, so why did I get the message?
Is my PC infected with some sort of virus?
Is my buddy’s PC infected with some sort of virus?
Has my buddy’s MSN login been compromised?

After Googling a bit, I think (not conclusive at this stage) that a virus is not involved.  But I suspect that my buddy’s account has been compromised. 

I called my buddy and told him to change his password.  Hopefully that’s sorted out the problem. 

Remember, if you get a similar popup then don’t enter your real username and password!



Terms of Use / Privacy Policy:


{HTT has highlighted and underlined various statements below – the original was plain text}

By filling out this form, you authorize Tubela Management, Inc to spread the word about this 100% real and upcomming Messenger Community Site.  You will receive your share of the credit in helping us spread the word. This is a harmless Community site which is offering users a platform to meet each other for free.

We do not share your private information with any third parties.  By using our service/website you hereby fully authorize Tubela Management, Inc to send messages of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information you provide us. This is not a "phishing" site that attempts to "trick" you into revealing personal information. Everything we do with your information is disclosed here. If you are under eighteen (18), you MUST obtain permission from a parent or guardian before using our website/service.

This page is not affiliated with or operated by Microsoft (tm) or MSN Network (tm).

ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.

We may temporarily access your MSN account to do a combination of the following: 1. Send Instant Messages to your friends promoting this site. 2. Introduce new entertaining sites to your friends via Instant Messages.

This is a free service. You will not be asked to pay at any time. You will not be subscribed to anything asking for payment. This service is made possible by many hours of human effort.

Tubela Management, Inc reserves the right to change the terms of use / privacy policy at any time without notice. To view the latest version of this privacy policy, simply bookmark this page for future reference.

You understand that this agreement shall prevail if there is any conflict between this agreement and the terms of use you accepted when you signed up with MSN. You also understand that by temporarily accessing your msn account, Tubela Management, Inc is NOT agreeing to MSN's terms of use and therefore not bound by them.

This agreement shall be construed and governed by the law of the republic of Panama. You expressly consent to the exclusive venue and personal jurisdiction of the courts located in the Republic of panama for any actions arising from or relating to this agreement.

If any provision of this agreement is held to be invalid, illegal or unenforceable for any reason, such invalidity, illegality or unenforceability shall not effect any other provisions of this agreement, and this agreement shall be construed as if such invalid, illegal or unenforceable provision had not been contained herein.

Copyright 2008 Tubela Management, Inc



Update on Thursday 27Aug2009:  I just received another popup – this time containing the following text: “phewww +o( unbelivable, is that you??? who ever is it...is really similar to you lol ...
http://I-Got-Obsessed.com/?gallery=buddy’s_name&pic=DSC00457.JPG




4 comments:

  1. In the Terms and Conditions it says Something along the lines of account may be temporarily unavailable while THEY use it to Send CRAP to your contacts so yes. By logging in you are giving them your account information and they will Have access to, contacts, emails, and any other information you may have!

    cheers!

    ReplyDelete
  2. i nearly got caught out by this to ..it was only that i recieved this from a very old contact who i hadnt spoken to for months that i knew it was a scam...its a pity msn cant deal with this crap and stop it...its like all this phishing stuff you get you report it but it still keep coming...

    ReplyDelete
  3. This very same thing happened to my 12 year old daugher. She delcares with absolute certainty that at no time did she go to a website and enter her msn password or email address.
    Yesterday, one of her contacts told her that after she got booted, and saw that it was because somebody else was using ger account, and that two people could not be signed into the same account at the same time. Now her freinds said that she got a text message from her saying that "Papa-says-no-dirty-pics.com/hername/image.com has pics of her", we advised her friend not to click on the link, because we did not send it, and we were offline at the time.
    After doing some research, I have learned that many people believe that this is a virus, with few exceptions. I am leaning toward virus myself, since my daughter is certian that she entered no account information on the page where it asked her to do so, and all she did was click the link to see what all this was about, after hearing from her friend that she sent the link which she did not.
    We have since changed all her msn account info, including security questions, as her address book/buddy list has clearly been compromised. I would like to get to the root of this issue and destroy it...
    MSN FIRST....... micro-shaft, here I come.

    ReplyDelete
  4. Thanks Anonymous x2: good luck with your mission!
    Destroy away - be careful - it's wild out there!

    ReplyDelete

Live Traffic Feed

 

Be notified of
page updates
it's private
powered by
ChangeDetection

Copyright © 2008 HandyTechTipper. All articles are released under the Creative Commons Attribution 2.5 South Africa license, unless where otherwise stated.