May 18th, 2011
Econintersect: Scammers are still masquerading with official sounding messages attempting to obtain personal information from Hotmail and Windows Live Hotmail users. A member of the GEI staff received one of the latest this morning (Wednesday, May 18, 2011) shown below. Some of these have been posted by the scam reporting sites such as E-mail Scammers Blog and a warning has been posted by Microsoft (see Microsoft source below). The attempt to fraudulently obtain personal information is known as a phishing scam. Microsoft advises:
Here is the phishing scam e-mail received at GEI this morning:
From a January, 2010 post at E-mail Scammers Blog:
Windows Live Hotmail Alert !!!
Dear Account Owner
This Email is from Hotmail Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and your account was among those to be deleted. We are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.
* Username: ………………………….
* Password: …………………………..
* Date of Birth: ……………………….
* Country Or Territory: …………….
Confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 48 hours for security reasons.
The Windows Live Hotmail Team
Notice that the details of the message changes over time, but the type of personal information is the same in both e-mails.
What can the scammer do with such information? He can read all the target's e-mails, capture their contact list and learn about the target's personal life. One example of how the information was used follows.
Last year this GEI editor received a Sunday morning e-mail from a close relative (from their personal e-mail address) which is copied below:
Please, I need your help. I am stranded in London! I arrived here two nights ago to have a meeting with a group of dancing schools and I thought the trip would be smooth but to my surprise, London is not as save as I presumed. I was robbed last night on my way back to my hotel, all my belongings were taken from me, my wallet, money, credit cards and my cell phone, everything.
I have reported the matter the police but there is no much help from them and I must return home later today and I am yet to settle my hotel bills. I have already made a flight reservation but I haven’t paid for the ticket. I am stranded here and there is no one to turn to. I am indebted to the tune of $2610 which must be paid before I can step out of this place. Honestly, I am not supposed to bother you with this but I believe that I can confide in you. I need somebody like you to get me out of here. My flight out of here leaves in less than five hours from now and I have not even paid for my ticket.
I am reaching you from my hotel's cyber café as I have nothing on me, nothing at all, not even a dime. I tried to get some sleep last night but I couldn't as I was thinking of how to return home. There is no way I can reach anybody and there is no way I can pay for my ticket and my hotel bills as I have been dispossessed of all my belongings.
Please, I want you to help with this money and I will pay you back immediately I get back home. Please I am counting on you. You can make the money available through Western Union money transfer in my name as follows:
[Name of relative]
Please don't forget to send the western union information to me immediately you are through with the payment, there’s a western union outlet that just few blocks away from my hotel and I can easily pick it up there. Please help me, I must unfailingly return home today.
Please I am counting on you.
[First name of relative]
The scammer obviously had obtained the personal interests of my close relative and the family relationships from their e-mail account and then used that e-mail account to try to shake me down.