Phishing attack against MSN/Hotmail users – a new year, but old tricks still persist

Graham Cluley

It’s a brand new year and you would like to think that computer users are getting smarter about securing their systems, and not falling for the age-old tricks used by cybercriminals.

However, we still see our fair share of elementary, unsophisticated attacks designed to steal credentials from the unwary.

Take this example, an email which claims to come from the “Windows Live Team” and warns Hotmail/MSN users that their account is at risk of immediate closure after different computers logged into it, and multiple attempts were made to guess the password:

[Image: Simple email phishing attack]

Part of the email reads:

VERIFY THIS EMAIL ADDRESS TO AVOID IMMEDIATE CLOSURE

We have recently confirmed that different computers have logged onto your Hotmail and Msn account and multiple password errors have been entered. We are hereby suspending your account; as it has been used for fraudulent purposes.. Now we need you to reconfirm your account information to us. Click your reply tab, fill in the columns below and send it back to us or your email account will be suspended permanently.

The email, which has the subject line “CONFIRMATION ALERT RESET (2013)” and comes from an unofficial-looking @msn.com email address, urges the user to reply via email with their full name, username, password, date of birth, and country in order to confirm their identity.

In case that seems a little brusque, the would-be thieves who spammed out this email provided some helpful tips at the end of the email about managing email accounts.

Of course, Microsoft would never ask you to confirm your identity in this fashion – especially not by sending your password in an (unencrypted) email.
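For anyone filtering mail, the giveaway described above (a message that asks for a password to be typed into a reply, rather than linking to a fake login page) can be checked mechanically. The following is an added example, not part of the original article: the two sample messages, the sender's local part and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample modelled on the email described above (not the real message).
SAMPLE_PHISH = """\
From: Windows Live Team <constructed-sender@msn.com>
Subject: CONFIRMATION ALERT RESET (2013)

VERIFY THIS EMAIL ADDRESS TO AVOID IMMEDIATE CLOSURE

Click your reply tab, fill in the columns below and send it back to us
or your email account will be suspended permanently.

Full Name:
User Name:
Password:
Date of Birth:
Country:
"""

# Constructed benign notice: mentions a password but never asks for one.
SAMPLE_BENIGN = """\
From: Account Team <no-reply@example.com>
Subject: Your password was changed

Your password was changed today. If this was not you, sign in and review
recent activity. We will never ask you to send your password by email.
"""

CHECKS = {
    # A "Password:" label on a line of its own, left empty for the victim to fill in.
    "blank_password_field": re.compile(r"^[ \t]*pass ?word[ \t]*:[ \t._]*$", re.I | re.M),
    "reply_instruction": re.compile(r"\b(click your reply|reply to this|send it back)\b", re.I),
    "closure_threat": re.compile(r"\b(suspend|clos|deactivat|terminat)\w*", re.I),
}

def plain_body(raw):
    """Return the text/plain body of a raw RFC 5322 message, or '' if there is none."""
    part = message_from_string(raw, policy=policy.default).get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

def indicators(raw):
    body = plain_body(raw)
    return [name for name, rx in CHECKS.items() if rx.search(body)]

def asks_for_password_by_reply(raw):
    # Flag only when the empty password field and the reply instruction occur together.
    hits = indicators(raw)
    return "blank_password_field" in hits and "reply_instruction" in hits
```

Requiring both indicators together keeps ordinary "your password was changed" notices from being flagged; the closure threat is reported as supporting evidence only.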

But less security-savvy computer users might be duped into believing it is true, and respond with all the information the cybercriminals want, before having a chance to think twice.

It’s a highly unsophisticated attack – but if it works against just a small number of people that the spammers send it out to, what does that matter?

Don’t be a cybercrime statistic. Make sure that you, your friends and your family are wise to such tricks, and don’t share your login information with anybody.

Hat-tip: Thanks to reader Jack for forwarding us this phishing email.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
