When being in the big channels with 500+ users, you will see a lot of URLs. And they are all quite obvious. Clicking one of these will, most commonly, use an exploit in IE and load up malicious code in your mIRC. It will then report your auth and password back to the authors, because you have used some way of automatic authentication, like using the perform or a script. Next thing you now, you are spamming around these URLs infecting more people. Note that they usually use the /amsg command of mIRC, so you wont only see these URLs in the big channels. Your own friends in a clan channel might spam these URLs, so be on the lookout for dodgy domains and text. Often the URLs mention something about free things, like Ventrilo servers, or bouncers. Or is supposed to be a funny picture of a professional gamer.

The users who fall for this trick is usually the dumbest as they have been warned against this particular kind of auth-theft in several different places, from the moment they created their auth. What happens is you get a message/notice from a nick which looks like Q, like [Q], \Q-Serv\ or \AUTH\. Apart from the fact that you should never ever send your password to anyone but Q@CServe.quakenet.org there is something else which differs from these fake messages, and actual messages. Q will never ever ask you to change your password by giving you a command to do so.

Someone you don't know usually sends around a message about giving out free bouncers. But you really should not accept anything like this from people you do not know and trust 100%. What usually happens is they snap up your auth and password when you log in to Q, as you are sending it over the bouncer as, you→bouncer→QuakeNet. If you really want a bouncer you might as well pay the little money it costs. And use a company some of your friends already use, and know are legit.