Do not fall for this common and old attempt to steal your password.
You would receive an email, IRC or other message saying something like:
You have received an InstaKiss! Get it here!
The message would also contain the address of a web page such as this one:
The user name and password you would submit would be mailed to the attacker.
The example above was designed to appear like a service operated by America Online. However, the URI reveals that the page was hosted by a free web space provider. With a little more effort, the attacker could have obfuscated the URI through frames, numeric IP addresses, redirections etc.
When sending sensitive information, such as passwords, over the Web, it is important to ensure that one is communicating with the correct server and that only the intended receiver can read the message. In practice, this means using the https scheme (as in https://example.com/) and carefully verifying the server certificate.
All content © 2000–2013 Thor Kottelin t/a Turvasana Tmi, unless otherwise indicated. Any trademarks or registered trademarks mentioned on this site belong to their respective owners. Content and techniques used on this site may be available for licensing; for details, please contact the webmaster. — Conventional hyperlinking to this site is welcome. However, none of the content on this site may be shown, even partly, in a context inferring or claiming it to be part of or sponsored by any other organisation or site. Such prohibited techniques include (but are not limited to) framesets, interstitial pages, kiosk mode pop-ups and reverse proxies. — For information on advertising, please click on the ‘Ads by Google’ or ‘AdChoices’ link next to any advertisement.