Hotmail phishing: Don’t send us the wrong password or we’ll suspend your account!

Graham Cluley

Have you been told to verify your Hotmail account? Did you receive a message saying that Hotmail’s email servers were congested, and so they were removing all unused accounts?

If so, I hope you responded to the email with a roll of the eyes and a quick stab of the delete button. Because if you didn’t, you might have been at risk of having your login credentials stolen.

Thanks to reader Rob, who forwarded us the following phishing email that he and others received, posing as communication from Hotmail:

Hotmail account verification - phishing email


Part of the email reads:

We are upgrading our database to serve you better. Due to the congestion in our E-mail servers there would be removal of all unused Hotmail Account. You will have to confirm if your E-mail account is still active by filling out your information below after clicking the reply button

The email then requests that you reply with your Hotmail username, password, date of birth and country. Of course, doing so puts vital information right into the hands of the cybercriminals.

It looks like the bad guys have had some problems in the past though, with victims handing over incorrect information (how typical!):

Ensure every detail requested above is provided correctly upon receipt of this notification to enable the upgrade. Incomplete details and wrong passwords forwarded will result in suspension or closure of your account for security reasons.

The fact is, of course, that the email isn’t from Hotmail, and Hotmail would never ask you for your password. Although a simple phishing scam like this can be obvious to those of us who work in the field of computer security, there are plenty of less-savvy people out there who might be fooled into responding, handing over the keys to their account.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
