Phishing Scams: December 2008 Archives

Whenever I see a video on Youtube that repeatedly urges me to "visit a link" in relation to Habbo, I'm naturally suspicious. As it turns out, to fool people into handing over their Habbo logins, all you need to do is pretend you've created an awesome program that manipulates every aspect of Habbo you can think of....






...and then post up a link to a third-party website. Once you enter your login details, you'll gain access to the wonderful program.

Honest.

No doubt a lot of people have fallen for this already, but if they'd only taken the time to examine exactly where the .tk domain redirects to....



..."Fishingisfun"? Call me suspicious, but I don't think I'll be entering any login details onto that website anytime soon...

If you like shooting zombies in the face - and who doesn't - then you may well have already purchased Left 4 Dead, a videogame pitting four survivors against a relentless zombie horde.

Well, it appears to be a popular target for scammers. An EMail popped up in my mailbox over the weekend, claiming I'd received a "guest pass" that would let me play the full game "for a limited time". Here's the mail in question:


Click to Enlarge

"The steam support has invited you to use a free guest pass for Left 4 Dead on Steam, the leading digital distribution platform for PC games.

Once you've installed Steam (or if you already have an account) click here to accept steam supports invitation to a full game of Left 4 Dead."

Of course, the link for the "guest pass" doesn't take you to an official site - it takes you to

steampovvered.co.cc (note that's steampo v v ered, NOT steampowered)

At that point, if you enter your Steam password, you've potentially lost it for good. The site is currently offline, presumably because it's already been reported ("This domain is under examination at the moment, it will be finished within 24 hours"). However, there are probably more Phishing scams out there attempting to capitalise on the popularity of this particular game.

Now if you'll excuse me, I have to prepare for the coming Zombie Apocalypse...

This is a particular favourite of Phishers - a page claiming to give you free Microsoft Points for XBox Live, only to take your login and do what they want with it (which could range from using the credit card stored against your account to buy lots of games you don't actually want to just trashing your gamer profile).

With that in mind, then, here's the offering for today:

freemspoints4all.blackapplehost.com


Click to Enlarge

The "3.1" in the bottom right hand corner is particularly humorous. Anyway, hit "Click here" and you're taken to a standard fake Live login page:


Click to Enlarge

If the unwary visitor should enter their details, some code in a .php file will stash the login for the Phisher to grab later while immediately redirecting you to the following (entirely fake) message on a blank page:


Click to Enlarge

If you get to the stage where you see this message, you should be thinking about logging in as quickly as you can and changing your password. Top tip for the day - any website that offers "Free Microsoft points" should be avoided like the plague. I've yet to see a genuine one, and I think I can safely say I'll be waiting for quite some time before I do...