Phishing in the Microsoft Windows Live Hotmail Pond

Summary:

A variety of email phishing methods are employed in an attempt to harvest Hotmail usernames and  passwords. Phishing attempts may give the impression that the source of the email actually originated from Microsoft.

Background:

A phishing attempt is a form of identity theft (an attempt to obtain *your* personal information). The example below shows a fake email message attempt to obtain (phish) your Hotmail username and password.

HM_PhishScam_00

The message may have been delivered through the Hotmail servers (arriving in your Inbox) but not actually originating from Hotmail or Microsoft.

Inspection of the message’s headers often provides many clues on the source and location of the fake message. The example below highlights (within red triangle)  a few of these clues.

HM_PhishScam_02

Also of importance the message header’s content may be falsified by the originating phishing source.

How To:

 To view the message source/headers of a message received  in your Hotmail account in the Hotmail web user interface.

  • Single or Double Click on the message (to display it)
  • Look in the upper right of the message for the ‘Reply’ option
  • Click on the downward arrow adjacent and to the right of the ‘Reply’ option
  • Scroll down and select ‘View Message Source’

Comments:

  1. First and foremost – Be careful out there!  If uncertain, be suspicious.
  2. For additional knowledge and information see these Microsoft articles.

Email and Web Scams: How to help protect yourself

http://www.microsoft.com/security/online-privacy/phishing-scams.aspx

Win the Battle against email fraud

http://blogs.msdn.com/b/securitytipstalk/archive/2012/03/20/win-the-battle-against-email-fraud.aspx

How to recognize phishing email messages, links or phone calls

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Revisions:

May 15, 2012:  Draft version

May 21, 2012: Original Publish Date

June 8, 2012: Added comments and ‘view message source’ instructions for the Hotmail web interface

About Winston
Microsoft MVP

3 Responses to Phishing in the Microsoft Windows Live Hotmail Pond

  1. Mellisa says:

    Hi there! I simply want to give a huge thumbs up for the good information you have got here on this post. I will likely be coming back to your blog for extra soon.

  2. Elen says:

    quite interesting blog. thanks for posting.

  3. K says:

    I’m impressed, I must say. Really not often do I encounter a blog that’s each educative and entertaining, and let me tell you, you’ve hit the nail on the head. Your concept is excellent; the issue is one thing that not sufficient people are talking intelligently about. I am very completely satisfied that I stumbled across this in my seek for one thing relating to this.
    Oh my goodness! an incredible article dude.

%d bloggers like this: