Phishing in the Microsoft Windows Live Hotmail Pond
May 21, 2012 3 Comments
A variety of email phishing methods are employed in an attempt to harvest Hotmail usernames and passwords. Phishing attempts may give the impression that the source of the email actually originated from Microsoft.
A phishing attempt is a form of identity theft (an attempt to obtain *your* personal information). The example below shows a fake email message attempt to obtain (phish) your Hotmail username and password.
The message may have been delivered through the Hotmail servers (arriving in your Inbox) but not actually originating from Hotmail or Microsoft.
Inspection of the message’s headers often provides many clues on the source and location of the fake message. The example below highlights (within red triangle) a few of these clues.
Also of importance the message header’s content may be falsified by the originating phishing source.
To view the message source/headers of a message received in your Hotmail account in the Hotmail web user interface.
- Single or Double Click on the message (to display it)
- Look in the upper right of the message for the ‘Reply’ option
- Click on the downward arrow adjacent and to the right of the ‘Reply’ option
- Scroll down and select ‘View Message Source’
- First and foremost – Be careful out there! If uncertain, be suspicious.
- For additional knowledge and information see these Microsoft articles.
May 15, 2012: Draft version
May 21, 2012: Original Publish Date
June 8, 2012: Added comments and ‘view message source’ instructions for the Hotmail web interface