Phishing attack against MSN/Hotmail users - a new year, but old tricks still persist

Filed Under: Spam

MSN and HotmailIt's a brand new year and you would like to think that computer users are getting smarter about securing their systems, and not falling for the age-old tricks used by cybercriminals.

However, we still see our fair share of elementary unsophisticated attacks designed to steal credentials from the unwary.

Take this example, an email which claims to come from the "Windows Live Team" and warns Hotmail/MSN users that their account is at risk of immediate closure after different computers logged into it, and multiple attempts were made to guess the password:

Simple email phishing attack

Part of the email reads:

VERIFY THIS EMAIL ADDRESS TO AVOID IMMEDIATE CLOSURE

We have recently confirmed that different computers have logged onto your Hotmail and Msn account and multiple password errors have been entered. We are hereby suspending your account; as it has been used for fraudulent purposes.. Now we need you to reconfirm your account information to us. Click your reply tab, fill in the columns below and send it back to us or your email account will be suspended permanently.

The email, which has the subject line "CONFIRMATION ALERT RESET (2013)" and comes from an unofficial-looking @msn.com email address, urges the user to reply via email with their full name, username, password, date of birth, and country in order to confirm their identity.

In case that seems a little brusque, the would-be thieves who spammed out this email provided some helpful tips at the end of the email about managing email accounts.

Of course, Microsoft would never ask you to confirm your identity in this fashion - especially not by sending your password in an (unencrypted) email.

But less security-savvy computer users might be duped into believing it is true, and respond with all the information the cybercriminals want, before having a chance to think twice.

It's a highly unsophisticated attack - but if it works against just a small number of people that the spammers send it out to, what does that matter?

Don't be a cybercrime statistic, make sure that you, your friends and your family are wise to such tricks and don't share your login information with anybody.

Hat-tip: Thanks to Naked Security reader Jack for forwarding us this phishing email.

, , , ,

You might like

4 Responses to Phishing attack against MSN/Hotmail users - a new year, but old tricks still persist

  1. Jim · 624 days ago

    I have seen versions of this aimed at Yahoo and Facebook users too.

  2. Freida Gray · 624 days ago

    I have never seen their second option in Hotmail.I just use the third option regularly on my junk & deleted mail,which may explain why I haven't seen this email.

  3. John · 624 days ago

    First red flag........ if MSN was suspending your account, you would be notified at the login, not via email.

    Second red flag............read the first sentence of the email again. "We have recently confirmed that different computers have logged onto your Hotmail and Msn account and multiple password errors have been entered." If different computers had "logged onto your Hotmail and MSN account....." there couldn't have been "multiple password errors", or they wouldn't be "logged onto".

    Third red flag........ MSN is spelled "Msn" in the email. If something is sent "officially" from a specific site, especially one as big as MSN, there won't be any spelling errors. If there is one word spelled wrong, I say delete it.

    Some people, I'm sure, are going to fall for this because they lack common sense. It's a shame, too. All it takes is a little analysis of what is there, only takes a couple of minutes, tops, and could save them a lot of "pain".

  4. Kathy Sullivan · 614 days ago

    I just forward those to abuse@hotmail.com with the source code of the emails and let Hotmail handle them. Been doing that for years. There's always a new batch every September when universities start school.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.