Phising attack warning from Microsoft for Windows Live

By Koushik Saha on 2.11.11

Filed Under: , , , ,

Microsoft has warned customers using its web properties, including services associated with Windows Live such as Hotmail, of a new phishing attack designed to steal their sensitive data.

The scam involves a social engineering technique in order to trick users into handing over their account information.

The unsolicited email message claims to be coming from Windows Live Customer Care, although the email is signed by the Windows Live Hotmail Team.

It’s this, and other discrepancies, that should alert users that there’s something seriously dodgy with the email in their inbox.

Attacks resort to attempting to scare Windows Live customers, bogusly threatening them with shutting down their accounts, unless they confirm them.

“This Email is from Windows Live Customer Care and we are sending it to every Windows Live MSN Email Accounts Owner for safety. we(!) are having congestions due to the anonymous registration of Windows Live MSDN accounts so we are shutting down some Windows Live MSN accounts and your account was among those to be deleted,” reads an excerpt from the spam email used in the phishing attack.

“We are sending this email to you so that you can verify and let us know if you still want to use this account.”Users are ill-advised to hand over all sorts of sensitive data, including username, password, date of birth and the country or territory they reside in.
The spam sports a number of evident typos, as such emails often do, and this should be enough to make recipients suspicious as to the email’s legitimacy.

“The bogus email claims to come from Microsoft and asks the recipient to respond to the email with their user name and password to avoid permanent cancellation of their account. This is a scam. Microsoft never asks for user names and passwords in an email,” reveals Microsoft’s Chris Stetkiewicz.

Users should never reply to such messages, and they should never, under any circumstances hand over sensitive info such as the username and password for their accounts.

0 comments for this post