My brother-in-law got not one but two sophisticated phishing emails in his Hotmail account. Both targeted his Hotmail account. He should never have seen the emails. Where were Hotmail’s “anti-spam” algorithms?

[Image: hotmail phishing]

If you could mouse over the first set of links, you would see that they look like they are legit, but if you click on them, you discover that they aren’t. (At least not now.)

http://microsoft.windowslive.com/Key=40023.F3kY.C.GJ.h5bhK
http://microsoft.windowslive.com/Key=40023.F3kY.D.GJ.J28b5J
http://microsoft.windowslive.com/Key=40023.F3kY.F.GJ.D3zlX8

And if you are fluent in English, and read like a proofreader, you might catch the grammatical errors and awkward phrasing:

[Image: hotmail phishing]

But you should not have to!

Hotmail (as well as Yahoo or Google) would never send out an email asking for customer personal information. Therefore, it seems like a simple filter that counts words like Hotmail (9), account (14) and verify (4) should be sufficient to flag this as probable spam/phishing and divert it to the junk folder.

Heck, a filter that simply looks at the from and subject lines should be enough to send this to the junk folder, since the mail server should be able to determine if the email is a valid administrative account (there should be a limited number of accounts that can send “Hotmail Alerts”) and if the mail truly originated at Hotmail.
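The two checks described above (keyword counting and validating the sender from the headers) can be sketched as follows. This is an added example, not code from Hotmail or from this post; the sample message, trusted-domain list and threshold are constructed assumptions, and it assumes the receiving mail server stamps its own `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

KEYWORDS = ("hotmail", "account", "verify")  # words the post suggests counting
BRAND = "hotmail"
TRUSTED_DOMAINS = {"hotmail.com"}  # assumption: only domain allowed to send alerts
KEYWORD_THRESHOLD = 6              # assumption: would be tuned against real mail

# Constructed sample message, not the email shown in the post.
SAMPLE = """\
From: "Hotmail Alerts" <alerts@account-team.example>
Subject: Verify your Hotmail account now
Authentication-Results: mx.example; spf=fail smtp.mailfrom=account-team.example

Dear Hotmail account user, we must verify your account. Your Hotmail
account will be closed unless you verify your account details today.
"""

def keyword_counts(text):
    """Count whole-word, case-insensitive occurrences of each keyword."""
    words = re.findall(r"[a-z]+", text.lower())
    return {k: words.count(k) for k in KEYWORDS}

def sender_verified(msg):
    """True only if From is a trusted domain and SPF or DKIM passed for it."""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        return False
    # Assumption: this header was added by our own server, not by the sender.
    for clause in msg.get("Authentication-Results", "").lower().split(";"):
        props = clause.split()
        if props and props[0] in ("spf=pass", "dkim=pass"):
            if any(p.rpartition("=")[2].rpartition("@")[2] == domain for p in props[1:]):
                return True
    return False

def classify(raw):
    """Return ("junk" or "inbox", list of reasons) for a raw message string."""
    msg = message_from_string(raw)
    reasons = []
    claimed = (msg.get("From", "") + " " + msg.get("Subject", "")).lower()
    if BRAND in claimed and not sender_verified(msg):
        reasons.append("claims to be Hotmail but sender is not verified")
    body = msg.get_payload() if not msg.is_multipart() else ""
    total = sum(keyword_counts(msg.get("Subject", "") + " " + body).values())
    if total >= KEYWORD_THRESHOLD:
        reasons.append("keyword count %d" % total)
    return ("junk" if reasons else "inbox"), reasons
```

The header check carries most of the weight here: a keyword threshold on its own would also catch legitimate account notices, so it works best as a supporting signal.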

Arghhh!

And no, he didn’t fall for it, but he did send a copy to Mike, who sent it to me. We so rarely see phishing exploits (Gmail) that we can be taken aback at how sophisticated they have become.

Written by Kathy E. Gill

Digital evangelist, speaker, writer, educator. Transplanted Southerner; teach newbies to ride motorcycles! @kegill