Security researchers from ESET warn of a phishing campaign targeting Hotmail users, which produces emails signed in the name of a Microsoft program manager.The rogue emails bear a subject of "Alert - Reset your Windows Live password" and appear as if they were sent to a firstname.lastname@example.org address.
The message is poorly formulated and does not direct users to an external phishing website, like most attacks of this type do.
Instead it asks recipients to fill in their username, password, date of birth and country in a static form and send it back. It reads:
"This is in conjunction with Microsoft Account Users. We are having congestion due to the anonymous Scam coming into Windows Live Account so we are shutting down some Accounts and your account is among those to be deleted.
"We are sending you this email so that you can re-confirm your account information to enable us to upgrade your account from being deleted. If you are still interested in using your Account kindly re-confirm your account by filling in the spaces below."
The emails have a very professional feel to them because they were created based on an official communication from Microsoft.
The phishers kept the original signature in place, which belongs to Hotmail Partner Group Program Manager, Dick Craddock, in order to give more legitimacy to the messages. They also contain Mr. Craddock's real picture.
There are some other leftover elements as well. For example, there is a reference at the end reading "Worldwide Com Score Media Report, February 2010, Unique Visitors," which was probably relevant for the original text.
"There may be some very rare exceptions, but as a rule, there are only two types of people who ask you for your password – Thieves and idiots. Never, give out your passwords," advises Randy Abrams, director of technical education at ESET.