The Lazy Hippy - Ethical Internet Marketing > This is not a “phishing” site that attempts to “trick” you… apparently.

This is not a “phishing” site that attempts to “trick” you… apparently.

Posted: Si on Apr 22 | ethics, affiliate marketing

Earlier today I got a message on MSN from someone I don’t talk to that much (and I haven’t spoke to her since):

her-email@whatever.com says:
hey check this.. hxxp://very.c00l-stuff.com ..brb !!

Think it’s the first time I’ve ever had spam on MSN from a contact, I assume her account has been phished.

The site is just a couple of iframes:

<frameset rows=”*,30,1″ frameborder=0>

<frame src=”hxxp://www.incentaclick.com/nclick.php?id=4568&cid=id⊂=test5″ name=”">
<frame src=”hxxp://www.cpashield.com/abuse.html” name= frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame>
<frame src=”counter.html” name= frameborder=no framespacing=0 marginheight=0 marginwidth=0></frame>

</frameset>

Are Incentaclick and Cpshield the same guys? It was only yesterday I read some good reports of Incentaclick, but I haven’t used them yet.

Looking at the whois for that domain, it gives the name “TST Management, Inc”, put TST management in Google and it brings up reports of that name in the whois of domains used to collect details last month (localpics.info, skaq.info, pooop.info & others).

They are not phishing in the traditional way, seems they are stating the user needs to enter their details to see a friend’s photo or get credits (??), bet million of sheeple have happily filled those boxes, ticking the box to say they have read and agreed to this:

[quote]By filling out this form, you authorize TST Management, Inc to spread the word
about this 100% real and upcomming Messenger Community Site.
You will receive your share of the credit in helping us spread the word. This is a harmless
Community site which is offering users a platform to meet each other for free.
We do not share your private information with any third parties.
By using our service/website you hereby fully authorize TST Management, Inc to send messages
of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information
you provide us. This is not a “phishing” site that attempts to “trick” you into revealing personal
information. Everything we do with your information is disclosed here. If you are under eighteen (18),
you MUST obtain permission from a parent or guardian before using our website/service.
This page is not affiliated with or operated by Microsoft(tm) or MSN Network(tm).
ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR
ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT,
DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED
TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.
We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.
This is a free service. You will not be asked to pay at any time.
You will not be subscribed to anything asking for payment.
This service is made possible by many hours of human effort.
Messenger Profiles, Inc reserves the right to change the terms of use / privacy policy
at any time without notice. To view the latest version of this privacy policy,
simply bookmark this page for future reference.
You understand that this agreement shall prevail if there is any conflict between this
agreement and the terms of use you accepted when you signed up with MSN. You also
understand that by temporarily accessing your msn account, Messenger Profiles, Inc
is NOT agreeing to MSN’s terms of use and therefore not bound by them.
This agreement shall be construed and governed by the law of the Republic of Panama.
You expressly consent to the exclusive venue and personal
jurisdiction of the courts located in the Republic of Panama
for any actions arising from or relating to this agreement.
Copyright 2008 TST Management, Inc
[/quote]from forgedeuphoria.com

This is dodgy as fuck.

Seems they are (on paper at least) based in Panama - comments on other sites suggest that the domains are registered to a law firm there, but hosted in Hong Kong. I doubt if any of the names on the whois records are genuine.

Just found one of the sign-up/phishing pages in G’s cache (seeing as the sites are now down… it was either a mistake to let Google index them or maybe planned…?)

Not very convincing to me. If they were all like that, how can people be so fucking stupid to put their info into that page?! Maybe they deserve to have their account hijacked, it’s only bots spamming msn. Is it any worse than some of the shit with emails, AIM, etc?

I think it is. If my email gets on a list, it’s most likely my fault and it’s only me that gets the spam. With this kind of spam (spim? - that’s such a shit term!) I am being spammed just because I have the odd stupid friend. I have no say at all in whether or not I get these messages. That’s the big problem.

More should be done to educate the sheeple about online security and to not sign up to anything they haven’t read - as they generally wouldn’t if they were signing a piece of paper. But at the end of the day, if they put their email or IM details into some form and it is only used to mail them crap, They got a load of junk, at worst buy crap they don’t need, and hopefully learn something from it.

This however targets the friends of the stupid person. People who did not sign-up, opt-in or fill in some box without scrolling down to read what they were agreeing too. Sure, this had been going on with AIM for years - but like MSN most of us go with the default settings, so we are used to MSN being only allowed contacts and AIM being open - spam is the price paid for accessibility. It’s a similar story with social networking sites - MySpace, Facebook, Bebo accounts “hacked”, details phished with information intended to mislead, spam sent to the unsuspecting friends of the stupid person. That is annoying for the recipient, but still just another spam email seen when you check your inbox.

Maybe I’m just lucky, but I’ve used MSN for years and don’t remember a single other spam message coming (apparently) from a contact. Now, my friend was stupid and I’m seen as guilty by association and therefore given the choice of block my friend or receive unsolicited messages as and when they want.

What do you think? Is misleading stupid people to get their MSN login details an ethical way to market to their less-stupid contacts? Or is it wrong to target those least able to defend themselves in this way? If it was just email submits for mobile sites being promoted then it wouldn’t be much more than an annoyance, but I doubt that is the only thing the data gathered is used for.

• Social Web
• E-mail