| Summary |
| Email title: |
'MSN HOTMAIL Account Verification' |
| Scam target: |
MSN users |
| Email format: |
HTML email |
| Sender: |
support@msn.com
|
| Sender spoofed? |
Yes |
| Scam call to action: |
''...we have detected a slight error in your information...update
and verify your information by clicking the link
below...if your account information is not updated
within 48 hours then your ability to use your MSN
account will become restricted.'
|
| Scam goal: |
Getting victim's debit card and phone/address information |
| Call to action format: |
URL link |
| Visible link: |
https://www.msn.com/help.asp |
| Called link : |
http://msn.checkinformation.com/msn.htm
|
| Phish site : |
http://msn.checkinformation.com/msn.htm
|
|
| |
| E-mail |
This message looks like simple text, but it is actually a HTML message.
The phisher has used a formatting trick to try to circumvent the
spam/scam filters - you can see the 'https://www' part of the link
is just a little bit bigger than the other symbols. Otherwise, the
message does not look suspicious - the sender, URL and format are
convincing. The policy it voices also seems credible, with one exception
- the threat of restricting your account.
|
_email.jpg)
|
| |
| Web Site |
| Visible link: |
https://www.msn.com/help.asp |
| Called link : |
http://msn.checkinformation.com/msn.htm
|
| Phish site : |
http://msn.checkinformation.com/msn.htm
|
|
Once the link is being clicked, a pop-up window opens:
|
_site1.jpg) |
Obviously, its purpose is to strenghten the victim's decision to do as
told, and to distract him/her from the URL that opens simultaneously.
When the OK button on the pop-up is clicked, the actual phish site opens:
|
_site2.jpg) |
The site uses the same design style that the actual MSN pages use, and
is well crafted. However, the address bar of the browser is not spoofed
and looks like this :
|
_addressbar.jpg) |
The phishers feel confident that the close similarity of this URL to the
real MSN URLs will be enough to trick the potential victim.
|
In such cases, increased vigil and awareness are the only way to avoid
the scam.
|
The domain 'checkinformation.com' harbors at least one other known phishing
scam - against AOL. This shows a wave-like pattern in spreading phish
messages - a spam-like approach.
|
| WHOIS Data: |
Domain Name: CHECKINFORMATION.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Status: ACTIVE
Creation Date: 07-may-2004
Expiration Date: 07-may-2005
Organisation Name.... Jamal El-ghirani
Organisation Address. 7211 Hatteras Lane 2C
Organisation Address. Indianapolis
Organisation Address. 46214
Organisation Address. IN
Organisation Address. UNITED STATES
|
