Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
Dispatches Archive

« September 2012 | Main | January 2013 »

December 01, 2012

Outrageous Permalink

My blog has been pretty quiet the last few months, but I have been carefully monitoring the schemes used by the crooks trying to take over PCs and their contents around the world. Most of the campaigns have been variations of mind games discussed (sometimes repeatedly) in previous postings here. But one arrived tonight that I had to spread around—if for no other reason than because it's something that I fear will trick plenty of unsuspecting users out there.

A screenshot of the message follows:

Fake Microsoft Email Warning

Bad grammar, distorted Microsoft logo image, and sheer outrageousness of the message aside, losing access to one's email is one of those adrenalin-pumping threats that sends many a user to clicking the link without hesitation. A little hesitation would be good, however, because it would cause most email clients to show the actual destination of the visible link. In this case, it's to a page of a hijacked web site of a French aesthetician. The web site has been hacked to include a new subdirectory containing a form that hopes to grab the login credentials for a variety of web-based email accounts. The following image shows the page (which I visited only after checking the source code to make sure there was nothing damaging occurring in the page loading). If you click on any of the logos, you get a form "tailored" for that account type.

Fake Microsoft Email Warning

As we who follow these tricksters and online security know, re-use of login credentials across multiple sites is an all-too common practice. You can be sure that anyone who submits his or her username/password combination via this form will have those credentials blasted at all kinds of web sites that offer valuables: financial sites, shopping sites, your Apple ID. All the crook needs is to have success with one of those sites, and you're in for big headaches.

And even if you don't re-use credentials, submitting credentials for your email account will be bad enough. Crooks can use it to send all kinds of spam through your account, as well as capture your address book to gather up fresh, new email addresses that will receive future spam. Nothing like outing all your contacts to make you popular.

Posted on December 01, 2012 at 11:06 PM