Thursday, December 22, 2011

Ok, this may be nothing, but I'm a suspicious person!
Out of the blue I get a very "minimalist" email from someone I know but who rarely sends me an email.
Its contents:


Straight away I'm dubious, as this person is one I know most likely wouldn't:
  1. Create a video
  2. Upload it to some web space which can only be reached by
  3. Including a link in an email
So I cautiously click on the link, a new tab opens and I'm invited to "Sign In" to my Windows Live account to view the video... well, I'm not typing squat into that form, and I close the browser tab for it. On re-clicking the link in the email it now behaves differently, throwing up a small grey dialog box informing me I'm a winner (for my location), and progressing with that link offers me a choice of prizes and no doubt (if I persisted) ample opportunity to reveal all my personal details (under the guise of market research - all strictly confidential, of course) before possibly insisting I sign up for some fabulous offer in order to qualify for my prize... etc, etc, etc.

For the uninitiated: don't, under any circumstances, respond to prompts for username and password with those (critical to your safety/privacy) details when an emailed link is involved. You'll just be handing over the keys to your email (as I suspect this person has unwittingly done by compliantly responding).

Sure enough, I have called this person and they've confirmed that other contacts of theirs have reported receiving the same email, which they didn't send!
When I got them to check their email account they were challenged to enter their password, which they did and discovered that they had been "blocked", due to the detection of "spam" activity, i.e. the mass emailing to all their contacts of these bogus emails with the "dangerous" links.

They confirmed that they had previously encountered an email from a "friend" with a similar theme, i.e. a simple message to view a video, a need to "sign in" (i.e. hand over your username AND password) and then a claim that you've qualified to win a prize...

So, in summary, do not enter your username and password in response to a prompt generated by a link in an email, no matter who it's "from". Consider doing that to be the same as writing those same details on a roadside billboard!
