Thieves like to use variations on their “oldies but goodies” scams to trick people into handing over their private personal identity information. Why? Because they know they work. Graham Cluley has written a very instructive article on the latest phishing attack aimed at Hotmail and MSN users (nakedsecurity.sophos.com, “Phishing attack against MSN/Hotmail users – a new year, but old tricks still persist”).

Mr. Cluley’s article includes a screenshot of the kind of phishing email that Hotmail and MSN users might get. Here’s a quick summary; more details can be found in Mr. Cluley’s article. The email:

  • Claims to come from a “Windows Live Team”;
  • Says that different computers have tried to log onto the user’s Hotmail and MSN account using multiple passwords;
  • Tells the user that his account’s been suspended since the multiple password errors show the computer’s been used for fraudulent purposes; and
  • Instructs the user to reconfirm personal account information.

Don’t do it! The email screenshot in Mr. Cluley’s article shows that users are asked for their full name, user name, password, password confirmation, date of birth and country.

How can you tell this is a fraudulent email?  As Mr. Cluley writes, Microsoft wouldn’t ask users to reconfirm their identity in an email — or, at least, not in the way outlined in the phishing email. Also, the email address itself doesn’t look like a legitimate Microsoft address.

Take the time to review the information in Mr. Cluley’s article. Protect yourself so the scammers’ “phishing net” won’t include your personal information in their haul.