“Window Live Hotmail! Warning! Verify Your Account Now To Avoid Closure”
“CONFIRM YOUR WINDOWS LIVE ACCOUNT SERVICES. VERIFY YOUR FREE HOTMAIL ACCOUNT NOW !!!”
“Windows Live Hotmail Member Services (memberservices1.com@hotmail.com)”
I have seen several instances of spam (such as above) where the email claims to be from a legitimate entity such as Hotmail and warns users about impending account closure unless the user responds with personal information.
Here is an example of such an attack and one technique to thwart them.
Red Arrow: Points to the section of the email that contains the email address of the sender
Blue Arrow: The “display name” selected by the email sender
Black Arrow: The actual email address of the email sender
The information in the blue and black arrow should match and make sense. For example, all Windows Live communication or Hotmail communication should arise from a Windows Live domain.
Hotmail is a free email web service i.e. anyone can use Hotmail to create an account and assign any name to the account (information in blue). If an email claims to come from Hotmail or Windows Live or Microsoft, I would expect that email (the black arrow information) to not be a “free” service such as Hotmail but something like WindowsLive.com or Microsoft.com or Live.com
Remember, an attacker can choose anything they want to be displayed in the blue arrow section. Never trust that information.
