This morning, one of the contacts on my Windows Live Messenger list appeared to be on-line and sent me a link that looked like this: [myusername].historyshotz.com. What caught my eye was the fact that my actual username was in the link, and then upon clicking the link, Firefox let me know that the site was reported as web forgery. Knowing the link came from a friend, I was curious, so I started to look into it. As it turns out, their account had been compromised and what I would have seen had Firefox not stopped me from following the link, are boxes to enter in my MSN email credentials.
What we are trying to get at is if you happen to receive a link from a contact on your MSN/Windows Live Messenger list that looks like this: [yourusername].historyshotz.com, (with your actual username appearing in the link), do not follow it and do not enter your credentials. We don’t care that they claim their intentions are good, they can’t be, not with the way they attempt to get your credentials in the first place, followed by the spamming they do. Oh, and that spamming, they say the user will be liable for:
“ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.”
If you happen to get the link from a friend, be sure to let them know that their account has been compromised and to change their password immediately.
What was reassuring for us was the fact that Firefox already identified the site as web forgery, just one day after the domain was registered. Yay for Firefox!