Phishers target our curiosity and paranoia

Sep 15, 2009 13:26 GMT  ·  By

Who wouldn't want to see which of their friends has blocked them on a social network or as an instant messaging friend? Absolutely everyone! Acting on this, phishers have rolled out a new phishing campaign specifically targeting curious MSN Messenger users. In a post on the Trend Labs Malware Blog, Trend Micro experts revealed how attackers are gathering account credentials from users around the world.

The unsuspecting user will receive an email with the subject “hi o_O,” which contains a link to a page where they can check which of their MSN buddies has recently deleted them from their contact list. A piece of advice from us: if an email with this kind of title doesn't come from people you know, don't read it; it is surely spam or a phishing campaign aimed at getting something from you.

Suspiciously, at the end of the email, there is a line stating “This is NOT Spam.” Another note from us: all spam letters say the same, so don't get fooled by these simple n00b techniques.

If the user gets fooled into clicking that link, they will be redirected to a page containing graphics similar to the MSN theme. On this page, they will be asked to enter their login credentials again, so they can see the list of friends that have betrayed them and deleted them from their contact list. If you haven't recently gone through a major break-up and are suspicious about the fact that your former girlfriend has banned you, don't ever enter any details for an official service if the URL of the authentication page is not on the service's main domain.
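The domain check advised above, as an added example that is not part of the original article or of Trend Micro's post: a Python function that extracts the host a link really points to and compares it with the service's own domains. The official domain list, the HTTPS requirement and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the real service signs users in on (not listed in the article).
OFFICIAL_DOMAINS = {"live.com", "msn.com"}


def login_host(url):
    """Return the normalised host a browser would connect to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # ignores "user@" userinfo and the port
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None
    host = host.rstrip(".").lower()
    try:
        # Convert internationalised names to punycode so look-alike
        # characters cannot compare equal to an ASCII domain.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def is_official_login_url(url, official=OFFICIAL_DOMAINS):
    """True only if the host is an official domain or a subdomain of one."""
    host = login_host(url)
    if host is None:
        return False
    # Match on a full label boundary: "live.com.evil.example" and
    # "notlive.com" must not pass just because they contain "live.com".
    return any(host == d or host.endswith("." + d) for d in official)


# Constructed sample links; the .example hosts stand in for a phishing site.
SAMPLES = [
    "https://login.live.com/login.srf",
    "https://login.live.com.evil.example/login.srf",
    "https://login.live.com@evil.example/login.srf",
    "https://live.com-friends.example/check",
    "https://notlive.com/",
    "http://login.live.com/login.srf",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "official" if is_official_login_url(link) else "NOT official"
        print(f"{verdict:13} {link}")
```

Only the first sample passes; the rest fail because the official name appears as a prefix, as userinfo before an `@`, as part of a different domain, or over plain HTTP.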

By getting fooled like this, a user hands their MSN account credentials to attackers, who could easily use them to break into the account and turn it into a spam-bot or a relay for various other types of attacks. Users should be very wary of emails like these and not enter their passwords, particularly if they use the same password for many other similarly named accounts.

Two screenshots provided by Trend Micro are attached below.

[Image: MSN phishing campaign under way]
[Image: The email received by MSN clients]
[Image: The authentication page]