Issue 131 - May 2012 (2nd Edition) - Page 4
Windows Live 'Account Blocked' Phishing Scam
Email claims that the recipient's Windows Live Hotmail Account has been blocked because someone may have used the account to send out junk messages. The recipient is advised to follow a link to reactivate the blocked account.
The email is not from Windows Live and the claim that the account has been blocked is untrue. The message is a phishing scam designed to trick users into submitting their Windows Live login details to cybercriminals.
Detailed analysis and references below example.
Last updated: 14th May 2012
First published: 14th May 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: E-mail account alert!
Dear [Email address removed],
This e-mail has been sent to you by Hotmail to inform you that your account has been blocked.
Why are you seeing this? Someone may have used your account to send out a lot of junk messages (or something else that violates the Windows Live Terms of Service).
We're here to help you get your account back. What do you need to do?
We'll ask you to login to our secured activation page by following the link below and re-activate your account.
[Link to bogus website removed]
If you have already confirmed your account information then please disregard this message.
Often customers get here because someone else has access to your account and are using it without your knowledge to send spam. To protect you and your contacts, we've removed any Hotmail auto-replies or linked accounts you may have had.
© 2012 Microsoft WindowsLive
According to this seemingly official "E-mail account alert" message, the recipient's Windows Live Hotmail account has been blocked and the account holder must therefore click a link to login and reactivate the account. The message rather vaguely claims that the account was blocked because it may have been sending out spam or because some other account activity has violated the Windows Live Terms of Service.
However, the message does not originate with Windows Live and the claim that the recipient's account has been blocked is utterly bogus. In fact, the message is a phishing scam
designed to steal Windows Live account details from unsuspecting users. Those who fall for the ruse and click the "re-activation" link will be taken to a fraudulent webpage that looks virtually identical to the real Windows Live sign-in page. If victims go ahead and enter their Windows Live ID and password, they will immediately be redirected to the genuine Windows Live sign-in page. Thus, users may mistakenly believe that the first sign-in failed for some reason and try again, this time on the genuine site. Alternatively, they may - again mistakenly - believe that the reactivation process has succeeded in unblocking their account and no further action is required. Either way, the scammers will have already received login details from their victims and can go ahead and hijack the compromised accounts at will.
Ironically, given the accusation levelled in the scam message, these compromised accounts are likely to be used primarily to send out further spam and scam emails. The criminals can use the stolen accounts to conduct spam and scam campaigns that cannot easily be traced back to them. Often, the hijacked accounts will be used to send emails in the account holder's name that falsely claim that he or she has become stranded in a foreign country
due to a mugging, lost passport or lost wallet. The emails ask the recipient to send money to help the stranded friend get home or overcome the supposed travel problems. Because the messages are being sent from the hijacked victim's own Windows Live account and are likely to include his or her real name and email signature, at least a few recipients are likely to believe the claims in the email and send money as requested. Of course, the friend is not really stranded overseas and any money sent will be kept by the scammers and never seen again.
This example is just one of many similar phishing scams
that have targeted Windows Live Hotmail users
. And, the very same scam has also targeted users of Yahoo
and several other email service providers
Be very cautious of any unsolicited message purporting to be from your email service provider that claims that you must click a link to verify or reactivate your account. Always go to your account to login by entering the service provider's web address in your browser rather than by clicking a link or opening an attachment in an email.
Phishing Scams - Anti-Phishing Information
Friend Stranded in Foreign Country Scam
Hotmail Account Closure Phishing Scam
Hotmail Account Deactivation Phishing Scam
Yahoo Account Phishing Scam Email
Gmail Account Phishing Scam
Bigpond Database Upgrade Phishing Scam
Pages in this issue:
- Paypal 'We Need Your Help Resolving an Issue With Your Account' Phishing Scam
- Boy Shot By Step Dad Charity Hoax
- One Direction Facebook Page Hacker Warning Message
- Windows Live 'Account Blocked' Phishing Scam
- 'Quilts in the Snow Photographs' - The Art of Simon Beck
- Shark Behind Scuba Divers Photo Hoax
- Facebook Survey Scam - Free Oakleys To All Facebook Users!
- Gang Initiation Warning Hoax - Infant Car Seat Left On Roadside
- Do Not Call - Mobile Phones Going Public Hoax
- Amazon 'Order Cancellation' Pharmacy Spam Emails
- Commonwealth Bank Phishing Scam - Online Access Suspended Message
- Circus Cruelty to Animals Protest Message - Baby Elephant Photograph
- Survey Scam - Free $1000 Walmart Gift Card Text Message
- Pharmacy Spam Emails Purport to be From YouTube
- Hoax - Picture of 'World's Largest Tortoise'
- Santander Online Banking Software Upgrade Phishing Scam
- Apple Store Account Phishing Scam
- Legitimate: 'Reminder to Update Your Legacy Blogger Account' Email