Phishing in the Microsoft Windows Live Hotmail Pond

Summary:

A variety of email phishing methods are employed in an attempt to harvest Hotmail usernames and  passwords. Phishing attempts may give the impression that the source of the email actually originated from Microsoft.

Background:

A phishing attempt is a form of identity theft (an attempt to obtain *your* personal information). The example below shows a fake email message attempt to obtain (phish) your Hotmail username and password.

HM_PhishScam_00

The message may have been delivered through the Hotmail servers (arriving in your Inbox) but not actually originating from Hotmail or Microsoft.

Inspection of the message’s headers often provides many clues on the source and location of the fake message. The example below highlights (within red triangle)  a few of these clues.

HM_PhishScam_02

Also of importance the message header’s content may be falsified by the originating phishing source.

How To:

 To view the message source/headers of a message received  in your Hotmail account in the Hotmail web user interface.

  • Single or Double Click on the message (to display it)
  • Look in the upper right of the message for the ‘Reply’ option
  • Click on the downward arrow adjacent and to the right of the ‘Reply’ option
  • Scroll down and select ‘View Message Source’

Comments:

  1. First and foremost – Be careful out there!  If uncertain, be suspicious.
  2. For additional knowledge and information see these Microsoft articles.

Email and Web Scams: How to help protect yourself

http://www.microsoft.com/security/online-privacy/phishing-scams.aspx

Win the Battle against email fraud

http://blogs.msdn.com/b/securitytipstalk/archive/2012/03/20/win-the-battle-against-email-fraud.aspx

How to recognize phishing email messages, links or phone calls

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Revisions:

May 15, 2012:  Draft version

May 21, 2012: Original Publish Date

June 8, 2012: Added comments and ‘view message source’ instructions for the Hotmail web interface

Windows Live Hotmail – Junk Email Filter Override

Summary:

  • Windows Live Hotmail does not provide an option to turn off the the built-in Junk Email Filter
  • Overriding the Hotmail Junk Email Filter can be accomplished by use of rule configured in the web interface

Background Information:

  • Windows Live Hotmail provides two selectable filter options (Standard and Exclusive) for handling Junk Email and neither option has the ability to override (turn off) the Junk Mail Filter.

HM_JMFilterOptions

    • Overriding the Hotmail Junk Email Filter may be advantageous for those operating under or desiring the following conditions:
  1. Hotmail accounts configured to use Pop3 protocol in a desktop email client which only retrieves the contents of the Inbox from the account’s web server Inbox
  2. Hotmail accounts using the web interface and preferring all email delivery to the Inbox while still retaining the ‘Safety Features’ of the Hotmail which in most cases will continue to block attachments, pictures and links until the content is approved (for viewing) by the user (i.e. Show Content, or Always show content from the sending email address)
  3. Persons using the social media features of their Windows Live Profile where it’s desirable that all  ‘Friend Invitations’ are delivered to the account’s web server Inbox (instead of the Junk Mail Folder)
  4. Hotmail accounts used as a mechanism to aggregate other pop3 email accounts’ incoming email to the Hotmail Inbox
  5. Hotmail accounts that are configured to forward all incoming email to another Hotmail account or 3rd party provider email account (e.g. primary ISP email account or other web account provider)

Method (to Override):

1. Overriding the Hotmail Junk Email Filter requires the use of  a simple rule which can be created in the Hotmail options section. The steps to create the rule are as follows:

a. Sign-in to the Hotmail account at http://mail.live.com or http://hotmail.com

b. Access the Hotmail Options located in the upper right in the Hotmail web interface (see pic 1 below)

c. Select More Options then Rules for Sorting New Messages (pic 2)

HM_ByPassJM_MoreOptions  (pic 1)   =======>>>>>> HM_ByPassJM_RulesOption  (pic 2)

2. Select ‘New‘ under ‘Rules for sorting new messages‘  (pic3)

HM_ByPassJM_RulesNew (pic 3)

3. Create a new rule of the form Sender’s Address contains @  (Step 1 in pic 4) then select  Move to Inbox (Step 2)

HM_ByPassJM_RulesCommand(pic 4)

4. Save the rule prior to exiting the rules options and returning to the Inbox

Comments:

  • Credit for this method is compliment of one of my oldest friends from the early beta days of MSN (circa 1995). Thanks Snork!!!!  for doing all the leg work in testing and validating the above rule.
  • Credit for testing the applicability of the rule for ‘Friend Invitations’ to both Amber and Erin (Thanks Ladies!!! )
  • If other rules are in place/configured to move incoming messages to another Hotmail web folder or subfolder within the account, then ensure the above rule is the first rule created in a series of rules since rules created last apparently operate first in the hierarchy of all rules.
  • Overriding the Hotmail Junk Mail filter increases the risk of undesirable mail being delivered to the account Inbox thus caution is warranted when opening or clicking on links in any unsolicited email.
  • Overriding the Hotmail Junk Mail filter increases the risk of undesirable mail being delivered to a local email client (e.g. Windows Live Mail or Outlook) used to retrieve Hotmail account messages when the Hotmail account is configured to use the POP3 protocol (only Inbox messages are retrieved from the Hotmail server) thus caution is warranted when opening or clicking on links in any unsolicited email
  • Always ensure that a capable Antivirus/Antimalware scanner is active on your pc (e.g. Microsoft Security Essentials)

Revisions:

May 4, 2011: Original Published Date

Windows Live Hotmail – Email Forwarding

Summary:

  • Windows Live Hotmail now provides the ability to forward messages from a Hotmail type account to one other email address
  • Forwarding is possible to another Hotmail type account(email address) or a third party email address
  • Hotmail type accounts are of the form Hotmail.com, Live.com, Msn.com etc.(This also includes other country specific derivatives of the same domain(e.g. Hotmail.nl, Live.de, Msn.uk.co)
  • Forwarding is capable from Hotmail, Hotmail Plus, and MSN Premium(primary and subaccounts)
  • Hotmail account holders now have the option to retain a copy of forwarded messages in the Hotmail account’s inbox
    Reference:

1. Windows Live Solution Center – Sending and Receiving Mail

  Thread Title: ‘forwarding my emails from my hotmail account to another email’

2. ‘Live Views’ – by vasudev Windows Live MVP

  Post Title: ‘Forward messages in the New Hotmail to any mail account now available to all – Restrictions removed

 

Instructions:

  •   1. Sign-in to http://mail.live.com to access your account.
  •   2. In the upper-right corner of the Windows Live Hotmail home page click Options, then More options on the drop down menu.

W4_HM_FwdMoreOptions

  •   3. Under ‘Managing your account’, click ‘Email Forwarding’ to access the forwarding options to add another e-mail account.  One can forward mail to **one** other email account.

W4_HM_FwdManageAcctOptions

  •   4. Click the radio option ‘Forward your mail to another email account’
  •   5. Enter the email address where messages should be forwarded in the dialog box titled ‘Where do your want your messages to be sent?
  •   6. To retain a copy of forwarded messages in your Hotmail Inbox check the item ‘Keep a copy of forwarded messages in your Windows Live Hotmail inbox’.
  •   7. Click Save

W4_HM_FwdAddEmailAcct

 

Comments:

  • This feature (Hotmail Forwarding) did not receive much publicity from Microsoft or the Windows Live Team. Quite a few internet search engines continue to primarily yield articles stating a Hotmail Plus account is required which (as the July 2010) is no longer correct.
  • Support for Windows Live Hotmail can be obtained  in the Windows Live Solution Center
  • Questions regarding Hotmail ‘Forwarding’ should be posted in the Sending and Receiving Mail Forum

 

Revisions:

Aug 15, 2010: Draft Version  – which sat in abnormal obscurity in the ‘assumption laboratory’ for too long :(

Dec 8, 2010 : Original Publish Date  ( Enjoy! <vbg> )

Creating Nested Folders(Subfolders) in Windows Live Hotmail

 

Summary:

  • Nested Folders(Subfolders), folders inside of folders, are available for all Windows Live Hotmail type accounts
  • Windows Live Hotmail ‘type accounts’ are accounts of the form Hotmail.com, Live.com, Msn.com and other country specific derivatives of the same domains(e.g.– Hotmail.co.uk, Hotmail.de, Live.nl, Live.fr, Msn.ca, etc.)
  • Nested Folders(Subfolders) can be created for Hotmail type accounts in the Hotmail web interface
  • Nested Folders(Subfolders) can be created for Hotmail type accounts in Windows Live Mail
  • Nested Folders(Subfolders) can be created inside of any folder(new or existing folders/subfolders including the Deleted folder) in the Hotmail web interface ( http://mail.live.com or http://hotmail.com )
  • Nested Folders(Subfolders) can be created inside of any folder(new or existing folders/subfolders except the root Deleted Items folder) in Windows Live Mail
  • Nested Folders(Subfolders) for Hotmail type accounts synchronize between the Hotmail web interface and Windows Live Mail client(in either direction). Synchronization in Windows Live Mail requires the Hotmail account to be configured to use the Http/DeltaSync protocol, not Pop3).
  • Nested Folders(Subfolders) can not be moved from one folder to another folder in the Hotmail web interface
  • Nested Folders(Subfolders) can be moved from one folder to another folder in Windows Live Mail

Reference:

1. Inside Windows Live
     More Hotmail Updates on the way

Quoted Print:
Organize and find important email with Subfolders
If you like to use folders to organize your important emails and find them more quickly later, you have something in common with nearly 100 million other Hotmail “filers”. The new Hotmail lets you create folders inside of folders to more precisely manage your email, making it easier to quickly find an important message you’ve filed away.

2. Windows Live Solution Center
      Nested Folders (Sub folders) in Windows Live Hotmail

Quoted Print:
Customers will be able to create nested folders (sub folders) under their new/existing folders and also synchronize their sub folders that already exist in their mail clients with Hotmail web experience.

Points to remember:
• Nested folders can be created inside of any folder, including the Deleted items folder.

• When a folder is deleted, Hotmail will move all the messages in the folder and any sub folders of the folder into Deleted items and permanently delete the folders. 

• A sub folder cannot be moved from one parent folder to another parent folder

 

Instructions:

The following illustrates creation of a top level folder(Friends) and nested subfolders within the ‘Friends’ folder

  •   Logon to the Hotmail web interface with a Hotmail type account Live ID
  •   To create the top level folder → Click ‘New folder’   

  W4_HM_NestedFolder_NewFolder

  •   Enter a name for the folder in the ‘Folder Name’ field (e.g. Friends) then click ‘Save

W4_HM_NestedFolder_CreateSave_TopLevel

  • To create the nested folder (subfolder)  →  Click ‘New folder’, enter a ‘Folder Name’  for the nested folder(subfolder) [e.g. Alice],  then scroll and select ‘Friends’ in the ‘Create in:’ option, finally Click ‘Save

W4_HM_NestedFolder_CreateSave_Nested

  • If desired, repeat the above steps to create additional subfolders(see below pic)

W4_HM_NestedFolder_CreateDone

 

Hotmail type accounts in Windows Live Mail after Synchronization:

  • Folders and Nested Folders(Subfolders) created in the Hotmail web interface will be mirrored in the respective Windows Live Hotmail account when setup in Windows Live Mail (Version 2011 and 2009)
  • Likewise, Folders and Nested Folders(Subfolders) created in Windows Live Mail will be mirrored in the Hotmail web interface

Note: For the above to occur the Hotmail account must be setup and configured to use the Http (DeltaSync) Protocol.  Folder synchronization between the Hotmail web interface and the Hotmail account in Windows Live Mail(or vice versa) is not possible if the Hotmail account is setup/configured for the Pop3 protocol.

W4_HM_AcctViewedInWLMail

  • Unlike the Hotmail web interface, existing folders/nested folders(subfolders) can be moved(relocated) to other folders in Windows Live Mail(2011 and 2009). To move an existing user created folder or nested folder in Windows Live Mail, select a folder and drag it to the new location.

W4_HM_SelectFolderInWLMail W4_HM_FolderMovedInWLMail

 

  • Side by Side Comparison (Hotmail and Windows Live Mail)

W4_HM-WLM_FoldersAfterSyncl

 

 

Revisions:

Sept 24, 2010: Created original draft

Nov 18, 2010: Original Publish Date

  

 

Clubhouse Tags: Clubhouse, How-To, Hotmail, Hotmail Plus, Mail, Windows Live

Follow

Get every new post delivered to your Inbox.

Join 45 other followers