Outline Spam emails invite recipients to "Click here to see the attached photos", "Click here to see the attached video", "Click here to read this message" and other similar messages.
This is an ongoing spam campaign designed to steal Windows Live login details and/or trick users into participating in online survey scams or visit websites that harbour malware. The criminals use the stolen information to hijack Windows Live accounts and use them to send further scam and malware messages.
For several months spam emails like the ones shown above have been hitting inboxes around the world. The emails arrive with a variety of brief and usually meaningless subject lines and contain only a hyperlink rendered in a large font.
The messages are part of an ongoing campaign that apparently has multiple criminal purposes. Many of the links open a fake login website designed to closely resemble a genuine Windows Live sign in page:
If recipients fall for this ruse and enter their login details, their Windows Live accounts are subsequently hijacked and used to blast out more of the same spam messages to people included on the account's contact list. After supplying their login details, some users will then be redirected to compromised websites that contain various types of malware. In other cases, they will instead be taken to a survey scam website that promises them the chance to win free products such as computer equipment in exchange for participating in various "surveys" or "offers".
Some of the "survey" pages ask users to provide personal information including name, address and contact details, ostensibly to allow them to go in the draw for a prize. Others invite them to download dubious toolbars, games or software. Still others will claim that users must provide their mobile phone number - thereby subscribing to absurdly expensive text messaging services - in order to get the results of a survey or go in the running for a prize.
No matter how many offers or surveys they complete, or what services they subscribe to, victims will never receive their promised free gift or even a genuine competition entry. The scammers who create these bogus promotions will earn commissions via suspect affiliate marketing schemes each and every time a victim completes an offer or participates in a survey. Victims may also be faced with large phone bills for unwanted mobile phone services and, because they have provided name and contact details, they may be inundated with unwanted promotional emails, phone calls and junk mail.
Subject lines in these scam emails vary considerably. The text of the malicious links in the emails also varies and may be different than the examples included here. Some versions of the scam emails seem to bypass the initial phishing scam page and go directly to the malware or survey scam websites. The malicious links also incorporate the email address of the account receiving the scam messages. This means that clicking the links can not only open a scam website, but can also "verify" the email address as valid thereby leading to further increases in email spam.
If you receive one of these messages, do not click on the link it contains. Simply delete it.