Jan Leow's Press Blog


Potential phising site – imgeshack.info

Potential Phising site

If this is not a clear case of a website phising for id and password then I don’t know what this is. Every now and then my MSN Messenger buddies will pop a url link to this imgeshack.info website. The website is really simple, just a page requesting you to key in your MSN id email and password. It has no relation with another website called imageshack.us. They just created another domain with the same name but using a different extension.

Below is the screenshot of the imgeshack.info website to warn other future people about this potential phising website.

Don



The website terms did put some disclaimer and even have the gall to say that they are not a phising website. Any foolhardy surfer who thinks faster with his fingers than thinking it through with his grey matter would have thought that any info or site passed by your buddy would seem legitimate. Alas, no, it is because your friends MSN Messenger account was already compromise that now as his buddy is also receiving such phising messages.

Sure there are other third party sites like Facebook or Trillian where you can key in your ID and password to access their services. Still one must do so carefully and not just jump headlong without some thought first.

When I queried back my MSN buddy, they have no idea that they send in the link. That meant the website has already harvested his account and could now log in and sent out various kind of spam without their knowledge. Some to lure additional unsuspecting MSN messenger users, and perhaps finally to steal any sensitive information such as credit card details, login details for online banking, or other sensitive information.

A check using whois showed that the website was registered to a person in Panama City for a TST Management company. I wonder how correct is the information, because I did make a whois check for this similar type of website some months ago and it was registered to a person located in China. The registered date for this website was on the 14-June-2008, so I guess the moment they found out somebody was on to them they just re-register a new domain using another server located somewhere in world.

Next time when your online instant messenger friends pass you a link, think carefully whether the origin was actually from your friend or from someone else more sinister.


Update 18-June-2008

Here they go again, making similar sounding website, but ending with a login similar with the above picture. if you see image-fly.info, this is a phising website; the difference is with the dash, the correct website is www.imagefly.info.

Sigh…!


update 11-July-2008

Here’s another few more of the same:
www.coooool.info/
www.imagrshak.info/


update 4-Aug-2008
Just listing them as they come…

www.datsyou.com
www.youpichost.com:88
www.summarypic.com:88
www.frieendz.com

Related post:

2 thoughts on “Potential phising site – imgeshack.info”

  1. I’d doubt about the domain owned by an american company, the server hosting this site is located in Hong-Kong. The ISP hosting the server does not seem legit as “Sun Network”‘s email address is @msn.com. Website advertised as “SunNetwork.Com.HK”…

    We’re fighting that at the office, with more and more people managing to enter their msn informations on this site. A good way to fight it back is to tell people who send spam without knowing to change their microsoft passport password.

  2. Ya, that’s what I told them to do, but some just have no inkling what I’m talking about. Didn’t even bothered to do what I have advised them. Maybe they thought it was not serious. But those that took heed did try to change their password. There was another type which was worse, it seemed to have installed a trojan virus, so that even after changing the password, the unsolicited messages still pop up. It’s tough to fight phisers…

Leave a Comment

Your email address will not be published. Required fields are marked *

Blue Captcha Image
Refresh

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.