It's called Phishing - I got this one in my email account this morning. In a seminar recently a developer asked me for an example of how Phishing works and I thought this was a good typical example - so I'd bog it.

NOTICE: Never Click on a Link in an Email unless you're REALLY Sure !

In my morning in-box I receive this email, sent to my address that appears to be an official looking request form MSN Accounting.

But, when I hover over the link the email wants me to click on I see a problem !!!
The link is to and NOT
Also, notice the cid= argument ? This argument identifies me to the Phishing Host - so I DON'T click on the link.
I don't want the Phisher to know they even found me.
Instead, I open a new browser instance and enter into the Address Bar.

A trick happens here that fools lots of web surfers. A new window opens the box above.
The ORIGINAL browser window re-directs to the REAL

If you Right-Click in the Dialog Box that asks for the MSN Username and Password, and view properties.......
LOOK ! You're about to send your Usename and Password to a Hacker's Site !!

If we look at the WHOIS record for we see that it does NOT belong to Microsoft Corporation.
In fact, it was registered only FIVE DAYS ago.

NOTE: The name and contact info for the registrant has been modified and the attack has been reported to MSN. It is very possible that the name and contact info in the record are NOT actuall and were used by the REAL registrant to mask their identity.