This morning, one of the contacts on my Windows Live Messenger list appeared to be on-line and sent me a link that looked like this: [myusername].historyshotz.com. What caught my eye was the fact that my actual username was in the link, and then upon clicking the link, Firefox let me know that the site was reported as web forgery. Knowing the link came from a friend, I was curious, so I started to look into it. As it turns out, their account had been compromised and what I would have seen had Firefox not stopped me from following the link, are boxes to enter in my MSN email credentials.
The domain, historyshotz.com was registered just yesterday (they are based in Panama City, Panama according to Whois.net) and they attempt to retrieve your credentials by telling you to login to see a photo from the person who sent you the message. Those who fall for it authorize some company called TST Management to “send messages of a commercial nature via Instant Messages and emails on behalf of third parties via the information you provide us.”That line comes from their Terms of Use/Privacy Policy where they also point out that they claim they aren’t a phishing site that attempts to trick you into revealing your information. Riiiight. They say that, right before they talk about accessing your account to send messages to your friends to promote the site, and introduce them to “new entertaining sites.”
What we are trying to get at is if you happen to receive a link from a contact on your MSN/Windows Live Messenger list that looks like this: [yourusername].historyshotz.com, (with your actual username appearing in the link), do not follow it and do not enter your credentials. We don’t care that they claim their intentions are good, they can’t be, not with the way they attempt to get your credentials in the first place, followed by the spamming they do. Oh, and that spamming, they say the user will be liable for:
“ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.”
If you happen to get the link from a friend, be sure to let them know that their account has been compromised and to change their password immediately.
What was reassuring for us was the fact that Firefox already identified the site as web forgery, just one day after the domain was registered. Yay for Firefox!
Oh yes, i seen lots of my friends been compromised as i have received such message. So is MSN vulnerable or what?
I’m in situation where my windows live password will not work and the password reset is being sent to the acct that is not working.
I can’t find tele # to talk to a live person.
Having a dumb moment, I fell for it, and even gave my account information. Luckily I realized quickly that it’s a scam and managed to change my password. Does that mean I’m off the hook, or should I do something more?
MSN is not vulnerable, just their users who give out their credentials are.
Have you tried emailing them?
Uh-oh! At least you realized it! Sometimes these things happen to the best of us. If you changed your password you should be fine since they’ll no longer have access to your account.
I emailed them approx 5 hrs ago. No answer yet.
On a whim, I successfully went into my windows live acct from another computer. I’m still rejected on my laptop.
Sounds like you need to clear out your browser’s cache for some reason.
I reach my email through firefox. On a second whim I deleted the microsoft cookie and entered the windows live acct with no problem. And yes they did send the password reset to that acct.
Thanks
Would clearing my cache mean losing password info for other accts?
The fact that it was registered yesterday and yet uses “please login with your MSN to continue” shows its target audience – because Messenger hasn’t had the word MSN in its title for over 2 fking years! Yet most people seem unable to keep up with simple things like names and still refer to it as such.
Ashley: “Sometimes these things happen to the best of us.”
Ummm, no.
Trying going to the site in Firefox 3.0.1 and it’s blocked by the phishing filter…that is awesome!
This sort of MSN scams is not rare. I’ve had friends that unknowingly tried to infect my computer with a virus. First, the virus sends me a message like “lol is that your picture here? [bklgdjhklg.info] Aside from the suspicious URL (which many people will not even look at, I’ve learned), there seems to be nothing wrong with that message so you click it.
But it hasn’t stopped there. People who don’t have English as their native language used to have an advantage. If a Dutch-speaking friend sends you an English IM, you know something fishy is going on. Recently, viruses started detecting the language of the operating system they infected so now they send out a different teaser message depending on your language.
I don’t care. While I’m aware of the fact that Microsoft wants you to call it Windows Live Messenger, 95% of its users (including me) still calls it MSN.
What made me so suspicious about the site Ashley wrote about is the design. It violates nearly every design rule in the book. Apparently, they’ve never heard of margins or fonts that are easy on the eye.
How did I manage that?
just did a quick reverse dns on this site and came up with:
There are 13 domains hosted on this IP address.
nothing weird about that but the names well there no very convincing
also about three weeks ago i got a msn message from a friend same scam same company different URL cant remember what it was but i reported it through Firefox instantly and no i didn’t give them my account but i let my friend know his account had been got
I got this earlier this morning!
One of these days something like this will happen to you, and then you might agree.
Hi, I had a similar experience the other day, but with quicklycheck.com. The URL was [myusername].quicklycheck.com:6161
I clicked on the link, but luckily for me some instinct kicked in, because Firefox didn’t pick it up as a phishing site. The IM message came at an odd time, there was no other interaction or text from the other user (no, ‘Hi’ or ‘Hey, Nick, check this out!’). And the site just smelt of phish!
But it had me going – the user, whilst not on my current contact list, is a guy I know and the site I was directed to is based in the same country as he is (this I gleaned from the Flagfox extension).
Then I had a further message today (purporting to be from the same user) asking me to check out [MyCoolThingz.com], where I was being asked to claim a free Xbox360 or PS3 in return for my email address, lol!
I have now informed the user and told him to check out this page and warned him his MSN account may have been compromised.
Thanks for mentioning that, Nick. I’m sure there are multiple types of these sites out there. You can never be too careful, I guess!
thanks for posting this. I just got this today and then 2 of my friends got it. I quickly changed my password and advised them to do so also. Is that all we really need to do?
Yes, if you were able to change your password then they should no longer have access to your account.
So, if I got this and clicked the link but didn’t type any info, how much info/access has the phishsite gotten? Specifically, several friends are receiving the link automatically from me, but I’m not doing anything to send it. Do I need to change my password? Also, how do I get it to stop? Can msn messenger (fine, “windows live messenger”) be completed deleted and reinstalled to correct the problem?
Sounds like you’ll definitely want to change your password. You don’t need to reinstall messenger or anything, because it hasn’t done anything to the files on our computer.
Hi , Thanks for posting all your notes . My friends have been letting me know they have been receiving this link from me and I haven’t been into my hotmail for awhile . I have changed my password and secret question . If there is anything else that I need to do , I would appreciate the advice . I hope you all have a great New Year .