In my last post, I mention about the “Pics for MSN friends” spam. The other spam variant from Tubela management I have received recently are the “MSN Messenger Block Cheker” ones.
To recap: Users who have gave away their MSN credentials to Tubela management allows them to “advertise” their links to all friends of an MSN user through MSN messenger or email. Since I have shown the MSN Messenger version in the other blog piece, I will show the email version here:
My friend has “invited” me to see who have deleted or blocked me from their contact list on MSN Messenger. Given this, Should I find out who don’t want to my friend anymore?
Let’s follow the link. The site the message links to is:
This looks somewhat similar to the “Pics for MSN Friends” in that the site is pretty bare and asks for MSN login credentials. Even though the site has a padlock icon and the words “Secure Site”, the link is still http:// and not https://. This means that the site is not secure at all. So, to answer the question above, it is not a good idea to give away my MSN credentials to this site.
For ordinary users, the best defense against these kind of sites is to practice safe browsing techniques. For Sophos users, the “Blocker Checker” sites are blocked by the Sophos Web Appliance, much like the “Pics for MSN friends” sites. In addition, the email message above would have been blocked if it had passed through a Sophos Email Appliance or Pure Message.