Phishing Scam Site: MSN Block Checker (oh-oh-oh)

It seems a fresh new phishing/scam website has emerged. Apparently you put in your MSN/Hotmail/Live credentials in and it will tell you how many of your contacts have blocked you. It looks like this:


I’m very suspicious of these types of sites especially when I receive a link to it from an old Hotmail contact whom I’ve not had contact with in years. And although it might look legitimate due to the MSN logo and familiar MSN icons – a quick WHOIS check on the domain reveals something different:

 Registrant Name:         Oxana V Eskova
 Registrant Organization: Oxana V Eskova
 Registrant Street1:      ulica Kostromskaya d.6 kv.21
 Registrant City:         Voronezh
 Registrant State:        Voronezhskaya obl.
 Registrant Postal Code:  394014
 Registrant Country:      RU
 Updated Date: 13-sep-2009
 Creation Date: 13-sep-2009
 Expiration Date: 13-sep-2010

So, be warned, tell your friends not to use the site to put in their credentials because their account will almost certainly be compromised (as will their contact list).


20 Responses to “Phishing Scam Site: MSN Block Checker (oh-oh-oh)”

  1. This was sent to me. I did not put in my information. However, I still got my info. All of a sudden I am getting emails from my old contacts. How do I get this to stop?????

  2. I fell for this scam, but immediately changed my password. Do i need to do anymore?

    • @Matt – If you’ve managed to log in and change your password you should be safe from them stealing your account but know that since you provided your email address you might still get lots more spam than normal.

  3. I had got a mail of this sort, I keep getting them, I had clicked on it but hadn’t entered my information in it, but now, my hotmail ID seems to be giving out those emails to people. What can I do? I think I will change my password right now, since I have read this. Since I don’t really use my aol, I guess I can give it out here asking for a reply and help in this. [email removed]. Thanks.

    • @Anjana – I would suggest you go onto Hotmail and AOL and change your password as soon as you can. I would also check the alternate email address of each account (if you’ve set one up) to make sure it’s still set to your own email account. A good idea would also be to check your machine for spyware and Trojans. Good luck.

      • Oh yeah, I did change my password in my hotmail account. And no, I haven’t set any alternate account as somehow I don’t really like hotmail mail, I never use it, I use my yahoo for emailing. I just have hotmail cuz of msn. And yes, I had checked my system, I did have a few trojans and they have been removed. Thanks for the help =D This was very useful. I have bookmarked this page and given the link to many people I know. As for my aol. I don’t use it, I just made it, never used it, no one even knows my aol. I just use it when I need to give my email for online stuff. I just check it like once in 2 weeks or a month or something. So I don’t get any mails from anyone except for aol so I don’t really need to change the pass =D Thanks though.

  4. I have been working with many ISP’s and have had great luck in paralyzing this phishing scam, I have gotten the ISP’s to take action and disable the accounts used to host the sites, the problem is now, that the guy is using a botnet to host the sites, which I had those IP’s shut down which were in the botnet. But now, he’s moved onto a Nameserver of, another phishing site it seems, created by same registrar, XIN NET TECHNOLOGY Corp.. so yeah, I dont think its the end of it “Yet” but Im on it, along with other Security vendors.

    • @Jonathan – thanks for the update mate – it looks like the yaya address was registered just two days ago – either the site is not up yet or it’s already in the process of being shut down. Anyway, good luck with getting more ISPs to shut him down – the more we can spread the word the better.

  5. If you find any more sites, or get any more of those MSN Block checker emails, please forward the emails to me “as attachments” at jy at live dot ca

    Also, another thing, if you are using OpenDNS (, you are protected against these MSN Phishing scam sites, as a majority of them are blocked in the Phishing category of OpenDNS.

    • @Jonathan – thanks mate, will do – and keep up the great work of listing all the phishing sites.

    • There are many more similar sites, however some are actually genuine. A lot of them are scams though. Btw, to actually check all this, msn plus is a lovely option. It is installed in your messenger. All you need to do is open the msn plus thing in your messenger and it gives you a complete list.

  6. I got 95% of the old sites, now shut down!

    Email from the webhost, that was hosting the majority of these sites:


    Respected Sir,
    After giving 72 hours of notice we have disconnected the clients server as they did not contact us back on the issue nor they switched off their sites.

    Let us know if we can assist you further.

    Thanks in advance.


  7. I just got caught by one of those stupid site. I clicked the link but i did not enter any of my infos. Am i still in danger of them stealing my infos? What should i do now? I ran avg and spybot afterward and cleaned everything out , but i’m still afraid of them accessing my accounts.

    I deleted the address of the site , but my friend probably still has it , it was something like and something else afterward 😦 I’ll find it and let you know…

  8. hi i stupidly entered my details in this exact same site!!! silly me changed password… it sent an email to all my msn list… what to do now???

  9. I’m an idiot and gave my details to not only did they advertise themselves in my status name :L but i got like 5 viruses (including trojan) but all’s cool now πŸ™‚ i’ve been getting phishing messages from my offline contacts everyday since though…. :S even though i changed my password…. oops! <:P

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: