Windows Live ID phishing spam

Joe Wilcox warns of what seems to be an attempt to phish his Windows Live ID and password.

Here are the contents of the email purporting to come from the “Windows Live Team”:

Are you protected?

Dear Account User,

This Email is from Hotmail/Live Customer Care and we are sending it to every Email User Accounts Owner for safety. We are having congestions due to the anonymous registration of Hotmail/Live accounts so we are shutting down some Hotmail/Live accounts and your account was among those to be deleted.

We also noticed a violation use of your account and if you think you have not violated the Terms and Condition of Hotmail/Live, please verify below with information requested

You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 48 hours for security reasons.

* Username: ……………………
* Password: ……………………
* Date of Birth: ……………….
* Country Or Territory: …………

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.

Warning: Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.


The Windows Live Hotmail/Live Team.

What makes this email stand out among the myriad other spam messages is that the Windows Live Hotmail spam filter didn’t catch it. Wilcox thinks that is because it has no embedded link or suspicious attachment. Another thing that contributes to the email’s credibility is the very legitimate-looking address from which the message was supposedly sent:

It helps to remember that Microsoft is not in the habit of asking for passwords to be sent via email. No respectable service would ask you to do that, because email is just not a secure enough method for sending private or confidential information. It is also good to remember that legitimate services are unlikely to use threats to make you confirm your email address or your login information. If they did, they wouldn’t last long.
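The traits described above (no link or attachment, login details requested by reply, a threat with a deadline) can be checked directly in the message text. The following is an added example, not code from the article or from any Microsoft filter; the patterns, function names and the benign sample are assumptions chosen for illustration.

```python
import re

# Excerpt of the message quoted above (field dots shortened), used as sample input.
PHISH = """\
You will have to confirm your E-mail by filling out your Login Information below
after clicking the reply button, or your account will be suspended within 48 hours
for security reasons.

* Username: ......
* Password: ......
* Date of Birth: ......
"""

# Constructed benign notice for contrast (hypothetical wording and URL).
BENIGN = """\
Your password was changed on 3 May. If this was not you, sign in at
https://account.example.com/security and review recent activity.
"""

CHECKS = {
    # A line that is a blank form field for a secret, e.g. "* Password: ....."
    "credential_form": re.compile(r"^\W*(user ?name|password|passcode|pin)\s*:", re.I | re.M),
    # The reader is told to answer the mail itself rather than visit a site
    "reply_cue": re.compile(r"\b(reply|respond)\b", re.I),
    # Loss of the account is threatened
    "threat": re.compile(r"\b(suspended|deleted|shut(ting)? down|permanently)\b", re.I),
    # A countdown is attached to the threat
    "deadline": re.compile(r"\bwithin \d+ (hours?|days?)\b", re.I),
}
URL = re.compile(r"https?://|\bwww\.", re.I)


def indicators(body, has_attachment=False):
    """Return the names of the indicators present in a plain-text body."""
    found = {name for name, rx in CHECKS.items() if rx.search(body)}
    # The trait that let this message past link/attachment-based filtering
    if not has_attachment and not URL.search(body):
        found.add("no_link_or_attachment")
    return found


def is_reply_credential_phish(body, has_attachment=False):
    """Flag mail that asks for login details by reply under threat or deadline."""
    found = indicators(body, has_attachment)
    return {"credential_form", "reply_cue"} <= found and bool(found & {"threat", "deadline"})


if __name__ == "__main__":
    for name, body in (("phish", PHISH), ("benign", BENIGN)):
        print(name, is_reply_credential_phish(body), sorted(indicators(body)))
```

The rule keys on the request itself rather than on links or attachments, which is why it still fires on a message like this one.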
