Marcelle Amelia writes on the Security Tips & Talk Blog:
We recently received an email that provided a great example of the tools in a cyberscammer’s toolbelt. Here’s the email. Can you spot the signs of a scam? Scroll down to read more.
Dear Account Owner
We are having congestion due to the anonymous registration of free Windows Live Account therefore we are shutting down some Windows Live Account. Your account is among those to be deleted, we are sending you this email to enable you re-confirm your account details in order to commence immediate upgrade of your account from being deleted. If you have the interest of proceeding your account with us kindly re-confirm your account by filling the space below after clicking the reply button. * Username: …………………………………. * Password: ………………………………….. * Date of Birth: ………………………………. * Country Or Territory: …………………….. After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences. Microsoft, Windows Live Account Services Hotmail is part of Windows Live. * This assumes a reasonable growth rate. Microsoft respects your privacy. To learn more, please read our online Privacy Statement. For more information or for general questions regarding your e-mail account, please visit Windows Live Hotmail Help.Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA © 2009 Microsoft Corporation. All rights reserved.
Six signs of a scam
1. Request for passwords and other personal information. Most scams are designed to trick people into turning over their passwords, user names, social security numbers, or other personal information. You should never send this information in an email message. For more information, see How to reduce the risk of online fraud.
2. Use of the Microsoft name. Cybercriminals often use the names of well-known companies, like Microsoft, to increase legitimacy and convince you to release your personal information. For more information, see Avoid scams that use the Microsoft name fraudulently.
3. Threats that require you to take action. In the scam above the cybercriminal claims that your account will be deleted if you do not respond with your personal information. Microsoft does not send threatening messages and will not ask for personal information in an email message.
4. Use of real information about Microsoft. The email above uses the correct Microsoft address and a link to the Microsoft privacy statement. Don’t be fooled by these details or others such as Microsoft logos or language you’ve seen on official Microsoft email.
5. Bad grammar and misspellings. Our copyeditors would never have allowed mistakes like the ones in this email to pass their desks. For more information, see How to recognize phishing emails or links.
6. Generic greeting. Legitimate messages are not often addressed to “Account Owner.” If Microsoft needs to send you official correspondence about your email account, for example, we will address you by name. However, bear in mind that cybercriminals do have ways of getting your name from your email address. Check for other signs of a scam, even if an email is addressed directly to you.
If you think you might have been a victim of a scam, see What to do if you’ve responded to a phishing scam.