Don't fall for this common (and old) attempt to steal your password.

You would receive an email, IRC or other message saying something like:

You have received an InstaKiss! Get it here!

...and containing an address to a web page such as this one:

Web page: "To get the InstaKiss that someone has sent to you or to send a InstaKiss to another AOL member, enter your screen name (or account name) --- "

The user name and password you would submit would be mailed to the attacker.

The example above was designed to appear like a service operated by America Online. However, the URI reveals that the page was hosted by a free web space provider. With a little more effort, the URI could have been obfuscated using e.g. frames, numeric IP addresses, and/or redirections.

When sending sensitive information such as passwords over the WWW, it is important to ensure that one is communicating with the correct server, and that only the intended receiver can read the message. In practice, this means using the https scheme - e.g. https://example.com/ - and carefully verifying the server certificate.

All content © 2000–2008 Thor Kottelin, unless otherwise indicated. Any trademarks or registered trademarks mentioned on this site belong to their respective owners. Content and techniques used on this site may be available for licensing; for details, please contact the webmaster.

Conventional hyperlinking to any content on this site is highly welcomed. However, the work you are viewing must not, even in part, be shown in a context inferring or claiming it to be part of, or sponsored by, any other organization or site. Such prohibited techniques include (but are not limited to) framesets, interstitial pages, kiosk mode pop-ups, and reverse proxies.

38.103.63.17 (none)
(none) CCBot/1.0 (+http://www.commoncrawl.org/bot.html)
/irt/phish-instakiss.shtml /irt/phish-instakiss.shtml