Phishing in the Microsoft Windows Live Hotmail Pond

Summary:

A variety of email phishing methods are employed in an attempt to harvest Hotmail usernames and  passwords. Phishing attempts may give the impression that the source of the email actually originated from Microsoft.

Background:

A phishing attempt is a form of identity theft (an attempt to obtain *your* personal information). The example below shows a fake email message attempt to obtain (phish) your Hotmail username and password.

HM_PhishScam_00

The message may have been delivered through the Hotmail servers (arriving in your Inbox) but not actually originating from Hotmail or Microsoft.

Inspection of the message’s headers often provides many clues on the source and location of the fake message. The example below highlights (within red triangle)  a few of these clues.

HM_PhishScam_02

Also of importance the message header’s content may be falsified by the originating phishing source.

How To:

 To view the message source/headers of a message received  in your Hotmail account in the Hotmail web user interface.

  • Single or Double Click on the message (to display it)
  • Look in the upper right of the message for the ‘Reply’ option
  • Click on the downward arrow adjacent and to the right of the ‘Reply’ option
  • Scroll down and select ‘View Message Source’

Comments:

  1. First and foremost – Be careful out there!  If uncertain, be suspicious.
  2. For additional knowledge and information see these Microsoft articles.

Email and Web Scams: How to help protect yourself

http://www.microsoft.com/security/online-privacy/phishing-scams.aspx

Win the Battle against email fraud

http://blogs.msdn.com/b/securitytipstalk/archive/2012/03/20/win-the-battle-against-email-fraud.aspx

How to recognize phishing email messages, links or phone calls

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Revisions:

May 15, 2012:  Draft version

May 21, 2012: Original Publish Date

June 8, 2012: Added comments and ‘view message source’ instructions for the Hotmail web interface

Windows Live Hotmail – How To Close A Hotmail Account

Summary:

  • A Hotmail type account can only be closed by a valid Windows Live ID owner
  • Closure requires use of the Windows Live ‘Close Your Account’ tool
  • Closure requests are only finalized after 9 months (270 days) of inactivity

Background Information:

  • Due to security reasons only valid holders of a Windows Live ID can close a Hotmail account
  • Hotmail type accounts are of the form – Hotmail.com, Live.com, Msn.com and other country specific derivatives of  the same or similar domain (e.g. Hotmail.ca, Live.nl, Msn.co.uk etc.) Note: The terms ‘Hotmail account’ and ‘Hotmail type account’ are used interchangeably in this article (they are one and the same)
  • Account closure occurs in stages (closure request, message removal from the Hotmail server, refusal of incoming mail to the Hotmail server, and eventual/final closure ‘after’ 270 days of inactivity/use of the account)
  • Closing a Hotmail type account does not close a Windows Live ID account. The Windows Live ID account will be deleted after 365 days of inactivity.
  • The method shown below in the How To: is not applicable for 3rd party email addresses registered as a Live ID
  • The method shown below in the How To: is not applicable to subscription based accounts (Hotmail Plus or MSN Premium/Premier) until the account is cancelled and converted to a free Hotmail type account (contact Customer Service to cancel the subscription and convert the account to a free Hotmail type account).

How To:

1. To Close a Hotmail type account access the ‘Close Your Account’ tool  by first signing-in using the account’s Windows Live ID username and password (see below picture).

The url address for the ‘Close Your Account’ tool is:

http://mail.live.com/mail/CloseAccountConfirmation.aspx?

HM_CloseAcct_00

2. After ‘Sign in’ click the ‘Close your Account’ option

HM_CloseAcct_02

  • Note the 270 day required inactivity (subsequent use of the Hotmail account will cancel the closure request and reactivate the account)
    3.  Once the account closure request is processed, the user will receive the following prompt

HM_CloseAcct_03

4. Thereafter Do Not Use the Account  for 270 days since use of the account will reactivate the Hotmail type account, nullify the original closure request and require the valid account holder to repeat the entire account closure process.

Comments:

  • The Windows Live ID associated with the Hotmail account will not be closed after 270 days of account inactivity
  • The Windows Live ID associated with a Hotmail account will only be deleted after 365 days of inactivity from the date of a valid account closure request. (After 365 days the Live ID username may be available for your or another’s use.  Fyi – the term ‘may be available’ should not be interpreted in the absolute sense).
  • The ‘Close Your Account’ dialog box mentions that a  Hotmail email address may be available for reuse after 270 days of inactivity. Since it takes 365 days (or even longer) for a Live ID (also your email address) to be deleted it would seem doubtful that ‘available for reuse’ has any practical meaning until at least 365 days of inactivity.

Supplemental Information:  (What Not To Do)

(Note: editor/winston) This section ‘Supplemental Information: What Not To Do’ was included for one primary reason. Searching the internet (Google, Bing, etc) yields a variety of articles with directions explaining ‘How to close a hotmail account’ – while some are valid,  too many have not been updated with current data (270 day inactivity requirement – some reference 120 days; pointing to the Live ID account information page – reason explained below; not differentiating or explaining the difference between a Hotmail account, Live ID account and/or 3rd party Live ID accounts)

  • Do not use the ‘Close your account’ option available on the bottom of the Live ID Account information page (https://account.live.comto close a Hotmail type account.  This option can be used for closing a third party email address registered as a Live ID, i.e. no Hotmail account/Inbox – e.g. yahoo.com, gmail.com, your-isp.com or similar email addresses which can be registered as a Live ID)

HM_AcctInfoCloseOption

a. Attempting to use the Live ID Account information  ‘Close your account’ option for a Hotmail account will yield the following page/prompt (as promising as the notice may appear to be, for a Hotmail account, it will not work)

HM_CloseLiveIDAcct_00

b. Subsequent entry of an active Hotmail Windows Live ID and clicking ‘Yes’ generates the following page/prompt [Cannot close] for a Hotmail type account.

HM_CanNotCloseLiveAcct_01

Reference Material:

Revisions:

May 21, 2011: Original Draft Date

May 23, 2011: Original Published Date

Windows Live Hotmail – Junk Email Filter Override

Summary:

  • Windows Live Hotmail does not provide an option to turn off the the built-in Junk Email Filter
  • Overriding the Hotmail Junk Email Filter can be accomplished by use of rule configured in the web interface

Background Information:

  • Windows Live Hotmail provides two selectable filter options (Standard and Exclusive) for handling Junk Email and neither option has the ability to override (turn off) the Junk Mail Filter.

HM_JMFilterOptions

    • Overriding the Hotmail Junk Email Filter may be advantageous for those operating under or desiring the following conditions:
  1. Hotmail accounts configured to use Pop3 protocol in a desktop email client which only retrieves the contents of the Inbox from the account’s web server Inbox
  2. Hotmail accounts using the web interface and preferring all email delivery to the Inbox while still retaining the ‘Safety Features’ of the Hotmail which in most cases will continue to block attachments, pictures and links until the content is approved (for viewing) by the user (i.e. Show Content, or Always show content from the sending email address)
  3. Persons using the social media features of their Windows Live Profile where it’s desirable that all  ‘Friend Invitations’ are delivered to the account’s web server Inbox (instead of the Junk Mail Folder)
  4. Hotmail accounts used as a mechanism to aggregate other pop3 email accounts’ incoming email to the Hotmail Inbox
  5. Hotmail accounts that are configured to forward all incoming email to another Hotmail account or 3rd party provider email account (e.g. primary ISP email account or other web account provider)

Method (to Override):

1. Overriding the Hotmail Junk Email Filter requires the use of  a simple rule which can be created in the Hotmail options section. The steps to create the rule are as follows:

a. Sign-in to the Hotmail account at http://mail.live.com or http://hotmail.com

b. Access the Hotmail Options located in the upper right in the Hotmail web interface (see pic 1 below)

c. Select More Options then Rules for Sorting New Messages (pic 2)

HM_ByPassJM_MoreOptions  (pic 1)   =======>>>>>> HM_ByPassJM_RulesOption  (pic 2)

2. Select ‘New‘ under ‘Rules for sorting new messages‘  (pic3)

HM_ByPassJM_RulesNew (pic 3)

3. Create a new rule of the form Sender’s Address contains @  (Step 1 in pic 4) then select  Move to Inbox (Step 2)

HM_ByPassJM_RulesCommand(pic 4)

4. Save the rule prior to exiting the rules options and returning to the Inbox

Comments:

  • Credit for this method is compliment of one of my oldest friends from the early beta days of MSN (circa 1995). Thanks Snork!!!!  for doing all the leg work in testing and validating the above rule.
  • Credit for testing the applicability of the rule for ‘Friend Invitations’ to both Amber and Erin (Thanks Ladies!!! )
  • If other rules are in place/configured to move incoming messages to another Hotmail web folder or subfolder within the account, then ensure the above rule is the first rule created in a series of rules since rules created last apparently operate first in the hierarchy of all rules.
  • Overriding the Hotmail Junk Mail filter increases the risk of undesirable mail being delivered to the account Inbox thus caution is warranted when opening or clicking on links in any unsolicited email.
  • Overriding the Hotmail Junk Mail filter increases the risk of undesirable mail being delivered to a local email client (e.g. Windows Live Mail or Outlook) used to retrieve Hotmail account messages when the Hotmail account is configured to use the POP3 protocol (only Inbox messages are retrieved from the Hotmail server) thus caution is warranted when opening or clicking on links in any unsolicited email
  • Always ensure that a capable Antivirus/Antimalware scanner is active on your pc (e.g. Microsoft Security Essentials)

Revisions:

May 4, 2011: Original Published Date

Windows Live Hotmail – Email Forwarding

Summary:

  • Windows Live Hotmail now provides the ability to forward messages from a Hotmail type account to one other email address
  • Forwarding is possible to another Hotmail type account(email address) or a third party email address
  • Hotmail type accounts are of the form Hotmail.com, Live.com, Msn.com etc.(This also includes other country specific derivatives of the same domain(e.g. Hotmail.nl, Live.de, Msn.uk.co)
  • Forwarding is capable from Hotmail, Hotmail Plus, and MSN Premium(primary and subaccounts)
  • Hotmail account holders now have the option to retain a copy of forwarded messages in the Hotmail account’s inbox
    Reference:

1. Windows Live Solution Center – Sending and Receiving Mail

  Thread Title: ‘forwarding my emails from my hotmail account to another email’

2. ‘Live Views’ – by vasudev Windows Live MVP

  Post Title: ‘Forward messages in the New Hotmail to any mail account now available to all – Restrictions removed

 

Instructions:

  •   1. Sign-in to http://mail.live.com to access your account.
  •   2. In the upper-right corner of the Windows Live Hotmail home page click Options, then More options on the drop down menu.

W4_HM_FwdMoreOptions

  •   3. Under ‘Managing your account’, click ‘Email Forwarding’ to access the forwarding options to add another e-mail account.  One can forward mail to **one** other email account.

W4_HM_FwdManageAcctOptions

  •   4. Click the radio option ‘Forward your mail to another email account’
  •   5. Enter the email address where messages should be forwarded in the dialog box titled ‘Where do your want your messages to be sent?
  •   6. To retain a copy of forwarded messages in your Hotmail Inbox check the item ‘Keep a copy of forwarded messages in your Windows Live Hotmail inbox’.
  •   7. Click Save

W4_HM_FwdAddEmailAcct

 

Comments:

  • This feature (Hotmail Forwarding) did not receive much publicity from Microsoft or the Windows Live Team. Quite a few internet search engines continue to primarily yield articles stating a Hotmail Plus account is required which (as the July 2010) is no longer correct.
  • Support for Windows Live Hotmail can be obtained  in the Windows Live Solution Center
  • Questions regarding Hotmail ‘Forwarding’ should be posted in the Sending and Receiving Mail Forum

 

Revisions:

Aug 15, 2010: Draft Version  – which sat in abnormal obscurity in the ‘assumption laboratory’ for too long 😦

Dec 8, 2010 : Original Publish Date  ( Enjoy! <vbg> )

Creating Nested Folders(Subfolders) in Windows Live Hotmail

 

Summary:

  • Nested Folders(Subfolders), folders inside of folders, are available for all Windows Live Hotmail type accounts
  • Windows Live Hotmail ‘type accounts’ are accounts of the form Hotmail.com, Live.com, Msn.com and other country specific derivatives of the same domains(e.g.– Hotmail.co.uk, Hotmail.de, Live.nl, Live.fr, Msn.ca, etc.)
  • Nested Folders(Subfolders) can be created for Hotmail type accounts in the Hotmail web interface
  • Nested Folders(Subfolders) can be created for Hotmail type accounts in Windows Live Mail
  • Nested Folders(Subfolders) can be created inside of any folder(new or existing folders/subfolders including the Deleted folder) in the Hotmail web interface ( http://mail.live.com or http://hotmail.com )
  • Nested Folders(Subfolders) can be created inside of any folder(new or existing folders/subfolders except the root Deleted Items folder) in Windows Live Mail
  • Nested Folders(Subfolders) for Hotmail type accounts synchronize between the Hotmail web interface and Windows Live Mail client(in either direction). Synchronization in Windows Live Mail requires the Hotmail account to be configured to use the Http/DeltaSync protocol, not Pop3).
  • Nested Folders(Subfolders) can not be moved from one folder to another folder in the Hotmail web interface
  • Nested Folders(Subfolders) can be moved from one folder to another folder in Windows Live Mail

Reference:

1. Inside Windows Live
     More Hotmail Updates on the way

Quoted Print:
Organize and find important email with Subfolders
If you like to use folders to organize your important emails and find them more quickly later, you have something in common with nearly 100 million other Hotmail “filers”. The new Hotmail lets you create folders inside of folders to more precisely manage your email, making it easier to quickly find an important message you’ve filed away.

2. Windows Live Solution Center
      Nested Folders (Sub folders) in Windows Live Hotmail

Quoted Print:
Customers will be able to create nested folders (sub folders) under their new/existing folders and also synchronize their sub folders that already exist in their mail clients with Hotmail web experience.

Points to remember:
• Nested folders can be created inside of any folder, including the Deleted items folder.

• When a folder is deleted, Hotmail will move all the messages in the folder and any sub folders of the folder into Deleted items and permanently delete the folders. 

• A sub folder cannot be moved from one parent folder to another parent folder

 

Instructions:

The following illustrates creation of a top level folder(Friends) and nested subfolders within the ‘Friends’ folder

  •   Logon to the Hotmail web interface with a Hotmail type account Live ID
  •   To create the top level folder → Click ‘New folder’   

  W4_HM_NestedFolder_NewFolder

  •   Enter a name for the folder in the ‘Folder Name’ field (e.g. Friends) then click ‘Save

W4_HM_NestedFolder_CreateSave_TopLevel

  • To create the nested folder (subfolder)  →  Click ‘New folder’, enter a ‘Folder Name’  for the nested folder(subfolder) [e.g. Alice],  then scroll and select ‘Friends’ in the ‘Create in:’ option, finally Click ‘Save

W4_HM_NestedFolder_CreateSave_Nested

  • If desired, repeat the above steps to create additional subfolders(see below pic)

W4_HM_NestedFolder_CreateDone

 

Hotmail type accounts in Windows Live Mail after Synchronization:

  • Folders and Nested Folders(Subfolders) created in the Hotmail web interface will be mirrored in the respective Windows Live Hotmail account when setup in Windows Live Mail (Version 2011 and 2009)
  • Likewise, Folders and Nested Folders(Subfolders) created in Windows Live Mail will be mirrored in the Hotmail web interface

Note: For the above to occur the Hotmail account must be setup and configured to use the Http (DeltaSync) Protocol.  Folder synchronization between the Hotmail web interface and the Hotmail account in Windows Live Mail(or vice versa) is not possible if the Hotmail account is setup/configured for the Pop3 protocol.

W4_HM_AcctViewedInWLMail

  • Unlike the Hotmail web interface, existing folders/nested folders(subfolders) can be moved(relocated) to other folders in Windows Live Mail(2011 and 2009). To move an existing user created folder or nested folder in Windows Live Mail, select a folder and drag it to the new location.

W4_HM_SelectFolderInWLMail W4_HM_FolderMovedInWLMail

 

  • Side by Side Comparison (Hotmail and Windows Live Mail)

W4_HM-WLM_FoldersAfterSyncl

 

 

Revisions:

Sept 24, 2010: Created original draft

Nov 18, 2010: Original Publish Date

  

 

Clubhouse Tags: Clubhouse, How-To, Hotmail, Hotmail Plus, Mail, Windows Live

Windows Live Hotmail Vacation Replies Re-Enabled

 

Summary:

  • Effective October 2010 the Windows Live Hotmail ‘Vacation Reply’ function was restored for Hotmail accounts
  • Restoration is based on prior Hotmail usage with an established credibility in the Hotmail system(see ‘Quoted Print’ below’
  • This feature was previously turned off in April 2010 to address spammers use of the feature to distribute spam
  • This article supersedes a previous article dated April 9, 2010

Reference:

Windows Live Solution Center –  Hotmail Solution Notification

http://windowslivehelp.com/solution.aspx?solutionid=ab36f2fd-92ca-465a-9df4-10e36a57a2bc

   Quoted Print:

   <qp>

We have now fixed the problem and turned vacation replies back on. As part of the solution, though, we’re limiting it to customers who have been using Hotmail for some time and established credibility in the system.

   </qp>

Additional Information:

To set up an automatic vacation reply:
1. Sign in to the Windows Live Hotmail website at http://mail.live.com or http://hotmail.com (both links resolve to the same location)
2. In the upper-right corner of the page, click Options, and then click More options.
3. Look under ‘Managing your account’ then click ‘Sending automated vacation replies’.
4. Click ‘Send vacation replies to people who e-mail me’
5. In the provided text box, enter the message you’d like to send while away. To limit responses to your Live Contacts check the provided option ‘Only reply to your contacts’.  Once complete, click ‘Save’.

To turn off an automatic vacation reply:
6. To stop using the vacation reply, repeat above steps 1 through 3 and click ‘Don’t send any vacation replies’  and then click Save.

Note: If the vacation reply feature is enabled, after logging on to your Hotmail account, a notification will be present(at the top of the Inbox)to remind the user to disable(turn off) the feature when no longer warranted.

Revisions:

October 21, 2010: Original Draft date

November 15, 2010: Original Publish date

 

Clubhouse Tags: Clubhouse, How-To, Hotmail, Hotmail Plus, Windows Live

Windows Live Hotmail – Wave 4 Announced

Summary:

  • Windows Live Hotmail Wave 4 was announced earlier today (May 17. 2010)
  • Windows Live Hotmail Wave 4 Features availability is currently planned for this summer *
  • Reference links below contain additional information

* Windows Live Hotmail initial Wave 4 features were reported complete on Aug 3, 2010, with additional features planned for the future. Links below now direct to current content – Editor)

Reference:

Re-inventing Windows Live Hotmail

The new Hotmail is rolling out out now!

The new Hotmail is now available to everyone

 

Comments:

1. The Windows Team Blog – ‘Inside Windows Live’ site is the suggested site for future information

2. Note: Windows Live Hotmail is a browser based web interface(not to be confused with Windows Live Mail a desktop email client)

Revisions:

May 17, 2010: Original Publish Date

April 4, 2011: Updated obsolete links

Windows Live Tags: Hotmail, Hotmail Plus, Windows Live