You get a message from your bank, ordering you to click the link to update your security information. You click the link, input your PINs and credit cards, then go about your business. A few days later, you find you’ve been wiped out. Victims include customers of Barclays, Citibank, Halifax, Nationwide, NatWest, PayPal and Westpac.

It’s called phishing. Essentially, scam artists craft an HTML email message that sends you to a scamsite that looks and feels just like your bank’s, right down to the URL. To pull it off, scammers need a little help from your computer’s email client and browser. That, of course, is where Windows comes in… or did.

The Hook. Microsoft claims its latest update really, really stops it. And this time they mean it. Really. Not kidding. This is it.

So What’s The Snag? Once you’ve applied the update, endusers can no longer access sites that require username and password in the URL, like user:password@ftp.foobar.cxm. Thus, many applications that worked last week, are broken today. In its infinite wisdom, Mother Microsoft has decided there is no need for medium-security networking. It’s all or none. Microsoft giveth, and taketh away.

See for yourself at Microsoft Technet Bulletin MS04-004.