Judging by the warning that was recently posted by Jeff Jones on the Microsoft Security Blog, it appears that they most definitely would.
Here’s a copy of the email that’s currently hitting inboxes:
From: Windows Live (notification-microsoft.com)
Subject: Microsoft notification
Kaylen Giles wants to be your friend on Windows Live [VIEW INVITATION]
Notifications preferences | SMS notifications | Microsoft privacy statement
It may be surprising to know that only one link in the email, “[VIEW INVITATION]”, is booby-trapped. All other links go to their legitimate destinations, which helps build the email’s credibility.
Should you make the mistake of clicking on the invitation, you will be redirected to a Canadian pharmacy website, canadapillgroup.com. But how can you avoid making that mistake in the first place?
By closely examining the email, of course!
Tips to Help You Spot a Fake Windows Live Notification
- One of the first things you’ll notice about the email is the odd sender address, which is merely a domain name (“notification-microsoft.com”). As Jeff Jones explained, “the SMTP protocol doesn’t do any validation of this field for email, so Spammers (and anyone) can put anything there they want.” So if you receive a Windows Live notification from an invalid sender’s address similar to this one, it’s likely a fake.
- Mouse over ALL of the links within the email, not just one or two, as spammers sometimes slip in a few legitimate links to make the email appear authentic. If a link points to a domain that doesn’t match the service or company it’s allegedly associated with (e.g., profile.live.com or www.microsoft.com), then there’s a good possibility that it’s fake.
- The friend request is coming from someone who you don’t recognize. Even if this were a real notification, the actual contact could be a spammer or bot looking to share all of their spammy goodness.
What to Do with Windows Live Spam
Did you get your very own copy of this spam? Here’s what I recommend doing:
- Do not click on any links or reply to the email.
- Mark the message as ‘Spam’ or ‘Junk’ in your email client.
- Report the email to SpamCop.
- Delete the email immediately.