Sophos Cloud Optix
It’s a brand new year and you would like to think that computer users are getting smarter about securing their systems, and not falling for the age-old tricks used by cybercriminals.
However, we still see our fair share of elementary unsophisticated attacks designed to steal credentials from the unwary.
Take this example, an email which claims to come from the “Windows Live Team” and warns Hotmail/MSN users that their account is at risk of immediate closure after different computers logged into it, and multiple attempts were made to guess the password:
Part of the email reads:
VERIFY THIS EMAIL ADDRESS TO AVOID IMMEDIATE CLOSURE
We have recently confirmed that different computers have logged onto your Hotmail and Msn account and multiple password errors have been entered. We are hereby suspending your account; as it has been used for fraudulent purposes.. Now we need you to reconfirm your account information to us. Click your reply tab, fill in the columns below and send it back to us or your email account will be suspended permanently.
The email, which has the subject line “CONFIRMATION ALERT RESET (2013)” and comes from an unofficial-looking @msn.com email address, urges the user to reply via email with their full name, username, password, date of birth, and country in order to confirm their identity.
In case that seems a little brusque, the would-be thieves who spammed out this email provided some helpful tips at the end of the email about managing email accounts.
Of course, Microsoft would never ask you to confirm your identity in this fashion – especially not by sending your password in an (unencrypted) email.
But less security-savvy computer users might be duped into believing it is true, and respond with all the information the cybercriminals want, before having a chance to think twice.
It’s a highly unsophisticated attack – but if it works against just a small number of people that the spammers send it out to, what does that matter?
Don’t be a cybercrime statistic, make sure that you, your friends and your family are wise to such tricks and don’t share your login information with anybody.
Hat-tip: Thanks to Naked Security reader Jack for forwarding us this phishing email.
I have seen versions of this aimed at Yahoo and Facebook users too.
I have never seen their second option in Hotmail.I just use the third option regularly on my junk & deleted mail,which may explain why I haven't seen this email.
First red flag…….. if MSN was suspending your account, you would be notified at the login, not via email.
Second red flag…………read the first sentence of the email again. "We have recently confirmed that different computers have logged onto your Hotmail and Msn account and multiple password errors have been entered." If different computers had "logged onto your Hotmail and MSN account….." there couldn't have been "multiple password errors", or they wouldn't be "logged onto".
Third red flag…….. MSN is spelled "Msn" in the email. If something is sent "officially" from a specific site, especially one as big as MSN, there won't be any spelling errors. If there is one word spelled wrong, I say delete it.
Some people, I'm sure, are going to fall for this because they lack common sense. It's a shame, too. All it takes is a little analysis of what is there, only takes a couple of minutes, tops, and could save them a lot of "pain".
I just forward those to abuse@hotmail.com with the source code of the emails and let Hotmail handle them. Been doing that for years. There's always a new batch every September when universities start school.