Instant Messenger Phishing

Phishing attacks do not always come via email nor do they always come from your "bank's website administrator".  Sometimes, even an instant message sent by your friend is something you should be wary of. If you receive messages like this from a 'friend' in your contact list, be extra cautious!

The link points to a phishing page that tries to fool you to enter your MSN credentials to steal them:

The URL link is usually in this format:

http://<phishing website>/?user=<YOUR MSN USERNAME>&image=DSC00<3 RANDOM NUMBERS>.JPG

Take note of the URL parameters; "user" is your MSN user name and "image" is the image filename format used by a popular digital camera. The URL looks like a personalized link, something that can easily trick unwary users.

We know that this type of threat is not something new, but people can still be easily deceived. So be wary of sudden MSN requests like this.