My brother-in-law got not one but two sophisticated phishing emails in his Hotmail account. Both targeted his Hotmail account. He should never have seen the emails. Where were Hotmail’s “anti-spam” algorithms?
If you could mouse over the first set of links, you would see that they look like they are legit, but if you click on them, you discover that they aren’t. (At least not now.)
http://microsoft.windowslive.com/Key=40023.F3kY.C.GJ.h5bhK
http://microsoft.windowslive.com/Key=40023.F3kY.D.GJ.J28b5J
http://microsoft.windowslive.com/Key=40023.F3kY.F.GJ.D3zlX8
And if you are fluent in English, and read like a proofreader, you might catch the grammatical errors and awkward phrasing:
But you should not have to!
Hotmail (as well as Yahoo or Google) would never send out an email asking for customer personal information. Therefore, it seems like a simple filter that counts words like Hotmail (9), account (14) and verify (4) should be sufficient to flag this as probable spam/phishing and divert it to the junk folder.
Heck, a filter that simply looks at the from and subject lines should be enough to send this to the junk folder, since the mail server should be able to determine if the email is a valid administrative account (there should be a limited number of accounts that can send “Hotmail Alerts”) and if the mail truly originated at Hotmail.
Arghhh!
And no, he didn’t fall for it but he did send a copy to Mike, who sent it to me. We so rarely see phishing exploits (gmail) that we can be taken aback at how sophisticated they have become.