It’s a brand new year and you would like to think that computer users are getting smarter about securing their systems, and not falling for the age-old tricks used by cybercriminals.
However, we still see our fair share of elementary, unsophisticated attacks designed to steal credentials from the unwary.
Take this example: an email which claims to come from the “Windows Live Team” and warns Hotmail/MSN users that their account is at risk of immediate closure after different computers logged into it and multiple attempts were made to guess the password.
Part of the email reads:
VERIFY THIS EMAIL ADDRESS TO AVOID IMMEDIATE CLOSURE
We have recently confirmed that different computers have logged onto your Hotmail and Msn account and multiple password errors have been entered. We are hereby suspending your account; as it has been used for fraudulent purposes.. Now we need you to reconfirm your account information to us. Click your reply tab, fill in the columns below and send it back to us or your email account will be suspended permanently.
The email, which has the subject line “CONFIRMATION ALERT RESET (2013)” and comes from an unofficial-looking @msn.com email address, urges the user to reply via email with their full name, username, password, date of birth, and country in order to confirm their identity.
In case that seems a little brusque, the would-be thieves who spammed out this email provided some helpful tips at the end of the email about managing email accounts.
Of course, Microsoft would never ask you to confirm your identity in this fashion – especially not by sending your password in an (unencrypted) email.
But less security-savvy computer users might be duped into believing it is true, and respond with all the information the cybercriminals want, before having a chance to think twice.
It’s a highly unsophisticated attack – but if it works against just a small number of people that the spammers send it out to, what does that matter?
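For anyone filtering inbound mail, the traits described above (a blank form asking for a password by reply, plus a closure threat) are straightforward to flag. The following is an added example, not part of the original article; the sample message, its sender address, the form layout and the scoring rules are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample reproducing the traits the article describes; the
# sender address and the form layout are invented for illustration.
SAMPLE = """\
From: Windows Live Team <wlteam.alerts@msn.com>
Subject: CONFIRMATION ALERT RESET (2013)
Content-Type: text/plain

VERIFY THIS EMAIL ADDRESS TO AVOID IMMEDIATE CLOSURE
Click your reply tab, fill in the columns below and send it back to us
or your email account will be suspended permanently.
Full Name:
Username:
Password:
Date of Birth:
Country:
"""

# A line holding only "Label:" is a form field the recipient must fill in.
FIELD = re.compile(
    r"^[ \t]*([A-Za-z][A-Za-z /-]{1,30}?)[ \t]*:[ \t]*[._]*[ \t]*$", re.M)
SECRET = re.compile(r"pass\s*word|passcode|\bpin\b", re.I)
URGENCY = re.compile(r"immediate closure|suspend(ed|ing)?|permanently", re.I)
REPLY = re.compile(r"\breply\b|send it back", re.I)

def score_message(raw):
    """Return (score, reasons) for a single-part plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: not multipart, not encoded
    fields = [m.group(1).strip() for m in FIELD.finditer(body)]
    reasons = []
    if any(SECRET.search(f) for f in fields):
        reasons.append("blank password field to fill in")
    if len(fields) >= 3:
        reasons.append("%d-field personal data form" % len(fields))
    if REPLY.search(body):
        reasons.append("asks for details by email reply")
    if URGENCY.search(body + " " + msg.get("Subject", "")):
        reasons.append("threatens account closure")
    return len(reasons), reasons

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

A single indicator, such as the word "reply", is common in legitimate mail; the blank password field combined with the others is what makes this message stand out.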
Don’t be a cybercrime statistic. Make sure that you, your friends and your family are wise to such tricks, and don’t share your login information with anybody.
Hat-tip: Thanks to Naked Security reader Jack for forwarding us this phishing email.