"InstaKiss" password theft

Do not fall for this common and old attempt to steal your password.

You would receive an email, IRC or other message saying something like:

You have received an InstaKiss! Get it here!

The message would also contain the address of a web page such as this one:

Web page: "To get the InstaKiss that someone has sent to you or to send a InstaKiss to another AOL member, enter your screen name (or account name)——"

The user name and password you would submit would be mailed to the attacker.

The example above was designed to appear like a service operated by America Online. However, the URI reveals that the page was hosted by a free web space provider. With a little more effort, the attacker could have obfuscated the URI through frames, numeric IP addresses, redirections etc.

When sending sensitive information, such as passwords, over the Web, it is important to ensure that one is communicating with the correct server and that only the intended receiver can read the message. In practice, this means using the https scheme (as in https://example.com/) and carefully verifying the server certificate.

Google’s use of the DART cookie enables Google to serve ads to you based on your visits to this and other websites. If you do not wish to use the DART cookie, please opt out on the privacy policy page for Google’s ad-and-content network. Additionally, you can usually specify your cookie preferences in your browser settings.

Any trademarks or registered trademarks mentioned on this site belong to their respective owners. Conventional hyperlinking to this site is welcome. However, none of the content on this site may be shown, even partly, in a context inferring or claiming it to be part of or sponsored by any other organisation or site. Such prohibited techniques include (but are not limited to) framesets, interstitial pages, kiosk mode pop-ups and reverse proxies. — For information on advertising, please click on the ‘Ads by Google’ or ‘AdChoices’ link next to any advertisement. ec2-54-226-161-112.compute-1.amazonaws.com
(none) CCBot/2.0 (http://commoncrawl.org/faq/)
/irt/phish-instakiss.shtml /irt/phish-instakiss.shtml Wednesday, 23-Jul-2014 22:09:27 GMT