The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Sunday, April 16, 2006

Don't give your password to

Seriously folks, do I have to start taking names? Don't type your personal passwords into strange web pages.

Here's the latest one to cross my desk this week: You get an email that looks like it came from one of your friends, with the subject "Check it out". It contains a link to a web page that lets you find out who invited you. You then enter your first name, your email address at Hotmail, Aol, Yahoo!, or Gmail, and your password.

Tada! Now the phishers have — wait for it — your first name, your email address and your password. And from that, your contact list.

So now your contacts all get "Check it out" emails from you, and the circle of life is complete. And the next week, you don't know why your account was suspended for spamming.

You can see the web page in question at if you want, just don't fill out the form and you'll be all right.

Read the touching and honest blog entry of one poor soul who fell for it.

Update: Spamhaus project has listed them:


Post a Comment

<< Home