The most nefarious phishing scheme yet - watch out webmail users
by Alan Majer on Jul 17, 2008 - 09:15 AM read 127 times
Source: http://www.wikinomics.com/blog/?p=1727
Early this morning I did a check of my webmail and found a message supposedly from support@mydomain.com with the subject heading “Registration renewal for your domains”. While I didn’t have any domains there, I didn’t think much of it until I clicked to open the message.
Immediately, out of the blue, it appeared to log me out of hotmail and present me with a new hotmail login screen. The font looked a little odd, so I checked the URL in the browser (which showed me all was well and that I was on: http://…mail.live.com/). However, when I right clicked to get the properties for the page I found that the actual site I was on was:
(note: I don’t suggest going to the kbs8.cn site, no telling what’s there)
Anyway, I emailed hotmail security about it. I’m curious to see what they’ll tell me. This seems to be a pretty serious security bug though. Not sure how an email can take over the entire hotmail interface leaving the main URL intact but presenting with an arbitrary web page.
The only other explanation that I can imagine for this is if Microsoft runs the kbs8.cn site itself. However, I’m not going there to find out. And if they do own it, it’s probably not a good choice of URL to frame in a login page. I’m glad I didn’t log back in again when I was mysteriously logged out. But with scams like these, it’s getting much harder than it used to be to know when you’re being phished or not.
I’ll report back with any news I receive from hotmail’s security staff in case they have advice on browser settings or how to avoid this security issue.
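The check the author did by hand (address bar says one site, page properties say another) can be automated: compare the origin of every framed document against the origin shown in the address bar. The following is an added example, not code from the original post or from Microsoft; the top-level path and the `phish.example` host are constructed placeholders, and it runs under Node 18+ using the global `URL` class.

```javascript
// Classify one frame src relative to the URL shown in the address bar.
// Relative srcs are resolved against the top-level page, as a browser would.
function frameOrigin(src, topUrl) {
  let url;
  try {
    url = new URL(src, topUrl);
  } catch {
    return { src, origin: null, reason: "unparseable src" };
  }
  if (url.protocol === "about:") {
    return { src, origin: null, reason: "about: frame (empty, inherits origin)" };
  }
  if (url.protocol === "javascript:" || url.protocol === "data:") {
    // No network origin to compare: the frame carries its own inline content.
    return { src, origin: null, reason: `${url.protocol} frame carries inline content` };
  }
  return { src, origin: url.origin, reason: null };
}

// Return the frames whose content does not come from the address-bar origin.
function findForeignFrames(topUrl, frameSrcs) {
  const top = new URL(topUrl);
  const findings = [];
  for (const src of frameSrcs) {
    const f = frameOrigin(src, topUrl);
    if (f.origin === null) {
      if (f.reason.startsWith("about:")) continue; // empty frame, nothing to show
      findings.push({ src, verdict: "suspicious", detail: f.reason });
    } else if (f.origin !== top.origin) {
      findings.push({ src, verdict: "foreign-origin", detail: `content served by ${f.origin}` });
    }
  }
  return findings;
}

// Constructed sample: the address bar reads mail.live.com (as in the post),
// the path and the foreign host are placeholders.
const SAMPLE_TOP = "http://mail.live.com/mail/InboxLight.aspx";
const SAMPLE_FRAMES = [
  "/mail/ContentFrame.aspx",          // same origin as the address bar
  "about:blank",                      // empty frame
  "http://phish.example/login.html",  // a login form served from elsewhere
  "data:text/html,<h1>Sign in</h1>",  // inline content with no origin to check
];

console.log(JSON.stringify(findForeignFrames(SAMPLE_TOP, SAMPLE_FRAMES), null, 2));
```

A login form that appears inside a page whose address bar has not changed should show up here as a foreign-origin or inline frame; a same-origin frame is what the webmail interface itself uses.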