Microsoft Warns Users About Windows Live Social Engineering Scams
Designed to harvest account info

By Marius Oiaga, Technology News Editor

17th of March 2009, 14:52 GMT

Microsoft has warned users about fake emails that claim to come from the Windows Live team and ask for account data. The Redmond company described a scenario in which fraudulent messages masquerading as Windows Live mail request sensitive information such as username, password, date of birth and country or territory, supposedly to prevent the otherwise imminent deletion of the account. These emails are scams designed to steal personal data, and users should not respond to them.

“Microsoft will never ask you to provide your username, password, date of birth, country, credit card information, etc. via e-mail. Never enter your password anywhere besides the official Windows Live ID sign-in page,” a member of the Windows Live team revealed.

The email in question is nothing more than a social engineering scheme set up to scare users into handing over their account information under the threat of losing their account. There is, of course, no actual risk of that happening. Microsoft has warned Windows Live users not to give out their login information in any manner if they come across such requests.

“We have been getting frequent [inquiries from users] who’ve received a suspicious e-mail message asking for their password and other personal information and claiming to be from the Hotmail or Windows Live team. It says that their account will be closed unless they reply with this information within 24 hours, 2 weeks, or something similar. It is a scam! Please don’t reply or click any of the links. Your account will not be closed,” the Windows Live team member added.

Users should always take the necessary measures to protect themselves and their data. This means not allowing an email to scare them into offering their data on a silver platter, but rather investigating the request and attempting to confirm whether it is legitimate.

“Never click a link within the e-mail. Instead, search for the website of the company that it claims to be from, and then contact their customer service reps to verify the validity of the e-mail. Or if it claims to be from a friend of yours, call your friend and ask,” the Windows Live team representative added. The advice from Microsoft is to report such emails as phishing scams in order to improve the Hotmail spam filters and help safeguard users from similar future social engineering attempts.