Business - Written by Alan Majer on Thursday, July 17, 2008 10:15 - 0 Comments
The most nefarious phishing scheme yet – watch out webmail users
Today I got presented with a clever/nefarious fake login page at Hotmail.
Early this morning I did a check of my webmail and found a message supposedly from support@mydomain.com with the subject heading “Registration renewal for your domains”. While I didn’t have any domains there, I didn’t think much of it until I clicked to open the message.
Immediately, out of the blue, it appeared to log me out of Hotmail and present me with a new Hotmail login screen. The font looked a little odd, so I checked the URL in the browser (which showed me all was well and that I was on: http://…mail.live.com/). However, when I right-clicked to get the properties for the page I found that the actual site I was on was:
(note: I don’t suggest going to the kbs8.cn site, no telling what’s there)
Anyway, I emailed Hotmail security about it. I’m curious to see what they’ll tell me. This seems to be a pretty serious security bug though. Not sure how an email can take over the entire Hotmail interface, leaving the main URL intact but presenting an arbitrary web page.
The only other explanation that I can imagine for this is if Microsoft runs the kbs8.cn site itself. However, I’m not going there to find out. And if they do own it, it’s probably not a good choice of URL to frame in a login page. I’m glad I didn’t log back in again when I was mysteriously logged out. But with scams like these, it’s getting much harder than it used to be to know when you’re being phished or not.
I’ll report back with any news I receive from Hotmail’s security staff in case they have advice on browser settings or how to avoid this security issue.
UPDATE: response from Microsoft is that they’re looking into it and a report was made to their passport group about the issue. They have since followed up saying the phishing site will be taken down shortly.
Have you ever been taken in by a phishing scheme before? How did you know? What did you do?
Any experts have recommendations or best practices on how to avoid these risks?