Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

Windows Live - Hotmail Account Closure Phishing Scam

Emails purporting to be from Windows Live - Hotmail Customer Care claim that the recipient must confirm his or her Windows Live account by replying with account login details within a specified time frame or risk having the account closed down. Alternative versions instruct users to click a link to supply login details.

Windows Live Hotmail Phishing

© Shevchuk

Brief Analysis
The emails are not from Windows Live. In fact, they are phishing scams designed to trick recipients into submitting their account login details to Internet criminals.

Bookmark and Share


(Submitted, July 2013)
Subject: Email will be closed

Windows Live Team Hotmail Customer Care

Due to congestion in all Windows Live Mail user accounts, Windows Live would be shutting down several accounts as your email address needs to be added to the new Windows Live database. We programed to stop and delete unused email account, you may permanently stop receiving messages to this Email address if not verified.

Kindly verify and let us know if your account is still valid. following the link below to avoid being closed of your account

[Link Removed] This back up is necessary for update and to avoid blocking of your account. If you do not respond to this message. you will lose your account permanently.

Thank you for your usual co-operation. We apologize for the inconvenience.

Member Service Team

(Submitted, February 2012)
Subject: Disruptive Virus Alert

Windows Live Hotmail Essentials

Dear Account User,

Special notification email messaging from Windows Microsoft™

This Email is from Msn-Live-Hotmail Customer Care™ and we are sending it to all Msn-Live-Hotmail Accounts Owner for safety. We are having congestion due to the anonymous registration of Msn-Live-Hotmail accounts so we are shutting down some Msn-Live-Hotmail accounts and your account is among those to be deactivated. We are sending this email to you so that you can verify and let us know if this account is still valid? If it is, The following information is needed to verify your account: Your User name, password, date of birth your country information.

Click on the reply button and fill in your information:

User Name:....................................
Date of Birth :...............................
Country or Territory........................

Warning!!! Account owner that fails to verify his/her account after two weeks of receiving this warning will lose his or her account permanently.

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconvenience.

Warning!!! Account owner that refuses to update his/her account after 24 Hours of receiving this warning will lose his or her account permanently

(Submitted, December 2009)
Subject: Windows Live Hotmail Alert!!!


Dear Account Owner

This Email is from Hotmail Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and your account was among those to be deleted. We are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.

Confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 48 hours for security reasons.

* Username: ................................
* Password: ................................
* Date of Birth: ............................
* Country Or Territory: .................

The Windows Live Hotmail Team.

Detailed Analysis

These emails, which purport to be from Windows Live, claims that the recipient must reply within 24 or 48 hours or his or her account may be shut down. According to the message Windows Live - or Hotmail in earlier versions - is "having congestions" due to anonymous registrations and the service needs to delete some accounts to overcome this problem. In order to avoid this imminent account closure, the recipient is instructed to reply to the email and supply his or her account username and password, along with other details. An alternative version instructs users to click a link rather than reply to the email.

The emails are not from Hotmail or Windows Live. Instead it is a phishing scam designed to steal Windows Live account login details. Those who supply these details as requested will not be verifying their account as they expect. Instead they will be handing over access to their Windows Live accounts to unscrupulous cybercriminals who will then use it for their own nefarious purposes.

One of the main aims of scammers in hijacking accounts in this way is to gain access to the compromised account's contact list. Once in the hijacked account, the scammers can then send further scam emails to those on the account's contact list that pretend to be from the real account holder. For example, they can send emails in the account holder's name that falsely claim that he or she has become stranded in a foreign country due to a robbery or baggage handling mishap. These emails ask the recipient to send money to help their hapless friend get home. Because the messages are being sent from the hacking victim's own webmail address and are likely to include his or her real name and email signature, at least a few recipients are likely to believe the claims in the email and send money as requested. Of course, the friend is not really stranded overseas and any money sent will be pocketed by scammers. At this early stage of the scam, the real owner of the compromised account may not even be aware that his or her account has been hijacked.

Scammers have used almost identical tactics to target users of other email services including Yahoo. Another, more generic, version of the scam targets users of any webmail service. Other variants take a slightly different approach by claiming that users must submit login details due to a recent system upgrade or because of a technical problem such as an exceeded account storage limit. No legitimate webmail provider is ever likely to request that users send their login details or private information via an email. Any message that makes such a request should be treated with suspicion.

Bookmark and Share

Last updated: July 17, 2013
First published: December 3, 2009
By Brett M. Christensen
About Hoax-Slayer

Friend Stranded in Foreign Country Scam Emails
Yahoo Account Phishing Scam Email
Webmail Account Phishing Scam
Email Exceeded Storage Limit Phishing Scam