Enter your email address to subscribe to the Hoax-Slayer Newsletter:
Last updated: August 13, 2012
First published: August 13, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
From: Microsoft Cyber-crime Dept
Subject: Microsoft Cyber-crime Dept validate your account
Dear mail user,
As part of the security measures to secure all email users across the world,
All email users are mandated to have their account details registered as requested
by the Microsoft Cyber-crime Dept ( M C D ) . You are here by required to validate your
account within 24 hours so as not to have your email account suspended and deleted
from the world email server.
Kindly validate your email account to have your account registered,
follow d link below:
Copyright © 2012 Microsoft Inc. All rights reserved
This email, which purports to be from the Microsoft Cyber-Crime Department and comes complete with a seemingly official Microsoft Digital Crimes Unit logo, claims that all email users across the world must validate their account or risk having it "suspended and deleted from the world email server". Recipients are instructed to click a link in the message in order to register and validate their email account.
However, the email is a phishing scam. It is certainly not from any entity named the Microsoft Cyber-Crime Department and has no connection with Microsoft whatsoever. The Microsoft Digital Crimes Unit is real, but its name and logo have been stolen and misused in this scam message only to make the scammer's outlandish claims seem a little more plausible.
Those who are taken in by the claims in the email and click the link as instructed will be taken to a bogus website and asked to login to their email account by supplying an email address, username and password. But, this action will not validate their accounts and avoid account suspension as expected but will instead send the submitted account credentials directly to the criminals responsible for this phishing attack. Once they have collected the submitted information, the scammers can then use it to hijack the compromised email accounts and use them to steal further information and send out more scam and spam emails to the people in the account's address book. Any emails sent from such compromised accounts will appear to have been sent by the account owners rather than by the hijackers.
Of course, any user with even a basic knowledge of computing and the Internet would quickly realize that, while Microsoft is certainly a large and powerful company, it has no jurisdiction whatsoever over email account holders that do not use Microsoft's own email services. It certainly does not hold any sort of mandate to request information from "all email users" nor does it have any authority to delete accounts at random. And, of course, there is obviously not just one "world email" server". However, while this scam email may be quite transparent to many recipients, there are still a significant number of users that are new to computers and the Internet and may be taken in by such claims. Scam attempts just as absurd as this still manage to reap new victims around the world every day.
Phishing Scams - Anti-Phishing Information
Microsoft Digital Crimes Unit
Friend Stranded in Foreign Country Scam Emails
In My Opinion, Most Scam Victims are Naive, Not Stupid