Thread is a tad bit old now, but hey, I'm not the one bringing it back to life:
A general tip for everyone affected by this scheme: Free things are almost always too good to be true. Logically, a minecon cape for free would defeat the entire purpose of it's exclusivity, wouldn't it...?
I'm sure many of you are already aware of the dangers of clicking on a "you've won a free iPad!!1!!1!!!" ads. Honestly, a free minecon cape is no different. If it was as simple as putting in your username and password to get a cape...wouldn't everyone already have one?
Now, if MCSG was giving away diamond donor ranks in a contest, it could be completely legit, but just do some simple checks: Is it on the official MCSG website? If you came from the forums/news announcements the same way you always do, it's likely legit. But if you get a link, even from a friend, and the activity to achieve the donor rank doesn't make sense, (MCSG has no reason to have your account information - MCSG wide things are stored in server user files, not directly to the Minecraft/Mojang account.) then be cautious about it. Tweeting them "#diamonddonorcontest" is likely fine for the contest, similar facebook things is likely fine, these things help advertise the servers, but a "click this button and get free stuff instantly" button is extremely suspicious. They'd simply lose sales of donor ranks and gain zero advertisement in return. (Not that they wouldn't ever give away stuff like that, but it's extremely unlikely.)
But in general, check the url. If it looks like the Minecraft website, look at the url anyway: minecon.support? I'll be honest, that looks mildly legit, but do your research anyway: If you've never entered your login information on the website before, do a background check. Often times, simple google searches can help immensely. And heck, even simply enter fake information and see what happens: Username: Flappybird133769001hax. Password: 54JE#^^#sfghfdgf#. If that produces a "login successful", something is really wrong.
You'd be surprised, people have made some phishing sites made to look like steampowered before, where the url is literally the exact same with two letters switched.
Also, on "don't even trust links from friends," I mean if a friend acts strange when sending you a suspicious looking link, there is always a chance their steam/skype/minecraft account has been compromised. I've had several skype friends have their accounts compromised and continue to send me suspicious links. Never once have I clicked on one. Heck, even when I know it's my friend, I sometimes don't click on it if it looks weird. I don't know what websites they visit or how much they actually know about it.
I've only had my computer compromised by a "virus" once, and it was completely my fault for not checking what I was downloading. I didn't follow my own instructions above about checking the url or anything. Given the circumstances, it seemed silly to do that, but I've quickly learned from that just how easy it is for some guy to put that stuff online and have it overshadow the legit stuff.
(For the record, skype is extremely insecure. I don't recommend adding anybody you've never personally spoken to through voice before. Ever. They can do some nasty things with you as a skype contact. Viruses isn't one of them unless you let it happen, but other things.)