I Seek You(r Password)

Yesterday I received a spam (image) purporting to come from support@icq.com. It asked me to specify my ICQ username and password, in order to verify that I was still an active user.

The e-mail originated from an IP address in Turkey, and uses a Canadian Web to e-mail gateway provider to send the information to who knows where.

Obviously the whole procedure is suspect, and there were tip-offs (“the ICQ Inc.”, “you confirm us”, “filling the empty spaces”) in the text that cast further doubt, but even I did a double-take because I do have a lapsed ICQ account.

It makes me wonder: how many people were ensnared by this approach? Just what does the sender intend to do with that information? Will we have better trust mechanisms (and user education) before single sign-on programs like MS Passport and Liberty Alliance get off the ground?

Comments are closed.