locked
Phishing attempt from Windows Live? RRS feed

  • Question

  • I just received the following message to my hotmail address.  I DID NOT reset my password as indicated by the message - however I immediately did so because I believe the following message is a phishing attempt.

     

    Can you confirm this message is fake?

     

    Thanks,

    Joe

    [removed email address]

     

    > Date: Tue, 26 Feb 2008 14:56:29 -0800
    > From: postmaster@live.com
    > Subject: Reset your Windows Live password
    > To: jtlapp@hotmail.com
    >
    >
    > Hello, [removed]@hotmail.com:
    >
    > We received your request to reset your Windows Live password. To confirm your request and reset your password, follow the instructions below. Confirming your request helps prevent unauthorized access to your account.
    >
    > If you didn't request that your password be reset, please follow the instructions below to cancel your request.
    >
    >
    > CONFIRM REQUEST AND RESET PASSWORD
    >
    > 1. Copy the following web address:
    >
    > [removed]

    >
    > IMPORTANT: Because fraudulent ("phishing") e-mail often uses misleading links, Microsoft recommends that you do not click links in e-mail, but instead copy and paste them into your browsers, as described above.
    >
    > 2. Open your web browser, paste the link in the address bar, and then press ENTER.
    >
    > 3. Follow the instructions on the web page that opens.
    >
    >
    > CANCEL PASSWORD RESET
    >
    > 1. Copy the following web address.
    >
    > [removed]

    >
    > IMPORTANT: Because fraudulent ("phishing") e-mail often uses misleading links, Microsoft recommends that you do not click links in e-mail, but instead copy and paste them into your browsers, as described above.
    >
    > 2. Open your web browser, paste the link in the address bar, and then press ENTER.
    >
    > 3. Follow the instructions on the web page that opens.
    >
    >
    > OTHER INFORMATION
    >
    > Windows Live is committed to protecting your privacy. We encourage you to review our privacy statement Privacy Statement at http://g.msn.com/2privacy/enus.
    >
    > For more information, go to the Windows Live Account site at https://account.live.com.
    >
    >
    > Thank you,
    >
    > Microsoft Customer Support
    >
    > NOTE: Please do not reply to this message, which was sent from an unmonitored e-mail address. Mail sent to this address cannot be answered.
    >

    Wednesday, February 27, 2008 3:34 AM

Answers

  • No, this isn't a phishing attempt. What probably happened is that someone thinks that your email address is their email address. So, they tried to log in with their password, which didn't work, so they tried to reset it. As you can see, it requires validation to approve the change, which is why you got the email. That's why having an alternate email address set up under http://account.live.com for your LiveID is a good idea.

    If you simply ignore this request, your password is not reset.

    There is really nothing that can be done about this, unfortunately.

    -steve

     

    Wednesday, February 27, 2008 4:04 PM
    Moderator

All replies

  • No, this isn't a phishing attempt. What probably happened is that someone thinks that your email address is their email address. So, they tried to log in with their password, which didn't work, so they tried to reset it. As you can see, it requires validation to approve the change, which is why you got the email. That's why having an alternate email address set up under http://account.live.com for your LiveID is a good idea.

    If you simply ignore this request, your password is not reset.

    There is really nothing that can be done about this, unfortunately.

    -steve

     

    Wednesday, February 27, 2008 4:04 PM
    Moderator
  • I can see that if it only happens once, but I've gotten three of these in the last three days. Whoever thinks my address is their address is an idiot, because my full name is spelled out in my email address. Either that, or it's a phishing attempt.

     

    Monday, March 17, 2008 4:25 AM
  •  J@yKay wrote:

    I can see that if it only happens once, but I've gotten three of these in the last three days. Whoever thinks my address is their address is an idiot, because my full name is spelled out in my email address. Either that, or it's a phishing attempt.

     

    By strict definition, it isn't phishing. However, it could well be that someone is trying to "steal" you account. Ignore the emails and the password will not be reset and you will retain ownership and access of the LiveID. If you are using a weak password, change it to a strong one to insure that your account remains your account.

    -steve

    Monday, March 17, 2008 2:03 PM
    Moderator
  • I've been getting that same email!

    Glad to know I'm not the only one..

    I got about 3 of them as well.
    As long as you don't click on anything, it should be fine.

    Saturday, October 25, 2008 2:49 PM
  • I've gotten about 4 of these emails. Now it makes sense why I'm getting them.

    I did reset my password, but not via the links provided in the email.

    I simply logged into my account and reset my password from within the account.

    I keep deleting these emails, but they are getting annoying.

    Microsoft should try to block unsuccessful password resets from certain IP addresses or countries.

    Doesn't that make sense?

    Razvan M.
    Sunday, November 16, 2008 4:45 PM
  • The password reset requests are a pain, and your action was the right one to take. I'm not sure that an IP or country block is the answer, though. I don't know what the solution is, but I do know it is a pretty common problem and that the process may need to be re-thought.

    -steve

     

    Monday, November 17, 2008 7:38 PM
    Moderator
  • hey guys, this is annoying as ive had 11 temps in 3days, this has been going on for abt a month now and to be honist its getting on my nervs as all i get is these password change requests,

    there must be something that can be done about this as there must be loads of us now having these problems
    Tuesday, November 25, 2008 10:06 PM
  • Here's what I'd do in the same situation: because in this instance, you opened the email (I'd never do that, by the way,) print it and delete it.

    Now sign out of your Hotmail account. Sign back in but choose to change your password. (This is safe!)

    You'll get a reply back from Microsoft with either the same, or a similar message to the one you've just printed out.

    Print the new one and compare the two which should tell you whether they both came from the same place. (Read the title). Confirm that you want to change your password and follow the prompts.

    Microsoft recently sent me, as a Hotmail user an automated email telling me how to stay safe online. The above issue was one of the things they mentioned and they actually tell you themselves that if you get one of these things without you doing anything, change your password immediately as "someone could be trying to get into your account". Windows Live does not "phish" its own users!

     

    Wednesday, November 26, 2008 8:29 AM
  • To be clear, the closing on this post is wrong. There is plenty that *can* be done about this problem, while likely little that Microsoft would be willing to do without a court order. I see no reason why MS would not readily provide the originating IP address.

    Users can decide if MS's complete unwillingness to investigate obvious attempts to steal sensitive and private information is worth switching services.
    Tuesday, December 8, 2009 6:44 PM
  • To be clear, the closing on this post is wrong. There is plenty that *can* be done about this problem, while likely little that Microsoft would be willing to do without a court order. I see no reason why MS would not readily provide the originating IP address.

    Users can decide if MS's complete unwillingness to investigate obvious attempts to steal sensitive and private information is worth switching services.

    jror,

    You are simply misunderstanding the real issue here.  By trying to create a password change system that is secure and easy for the user (you), the side effect is that these same messages may appear due to invalid attempts by either a truly malicious person or simply someone who is mistaking your account name for your own.  The only way Microsoft could avoid this completely is to not offer this system at all, thus requiring you to go through a much more difficult method of either phone or some other ownership verification method that might take days to complete.

    Actually, there's a very simple way to avoid these messages and also much of the spam most people regularly receive.  Simply choose an account name that's not entirely common, don't ever post the account name anywhere it might be seen on the public Internet and finally, limit those you provide your email address to a small number of trusted individuals and reputable businesses.  I've done this and have had the same hotmal account for several years and still haven't received either spam or one of these mesages mentioned here unless I asked for the password reset myself.

    As for expecting Microsoft to 'investigate' such situations, there are no doubt tens of thousands a day, so to expect this for free accounts is simply foolish.  Even if you were paying, they'd need to increase the cost to cover the additional manpower required to perform this work, so you'd simply end up paying more for no real increased service.  And even if you were provided with an IP address, there's nothing that you could do with it, since there's no directory of who 'owns' each particular IP address and most are still assigned dynamically and can change at any moment or the attacks may be coming from the other side of the world.

    So if you wish to resolve this, switch to a different email address with an uncommon naming and then keep it as private as possible, because once it's known on the Internet anyone in the world can use it as they wish.

    Rob
    Tuesday, December 8, 2009 7:38 PM
    Moderator
  • So if you wish to resolve this, switch to a different email address with an uncommon naming and then keep it as private as possible, because once it's known on the Internet anyone in the world can use it as they wish.

    Rob

     

    I realize this is an old thread, but recently I have been getting these too.  I use a very specific email address for this service only.  It's not one that someone would randomly guess.  The domain isn't even one that's really known (it's my domain).  I don't have any online 'friends' through this service.  Everything I have is set to private (nothing public stored).  I think MS has had a database compromised.  Either that, or the system has a glitch that just sends these things out for no reason.

    The fact that this is an old problem just seems to show that the issue hasn't been passed through the proper channels to see what's going on.  To say it's a 'free' service is pretty far from the truth.  It's more like an addon service for the thousands I have spent on MS products over the last 15 years.  The additional utilities for Win 7 (like an email client) must be downloaded after you sign in to a live account.

    As for jror's statement about including the originating IP in the email, I think that's an outstanding idea.

    Sunday, June 20, 2010 8:56 AM
  • I realize this is an old thread, but recently I have been getting these too.  I use a very specific email address for this service only.  It's not one that someone would randomly guess.  The domain isn't even one that's really known (it's my domain).  I don't have any online 'friends' through this service.  Everything I have is set to private (nothing public stored).  I think MS has had a database compromised.  Either that, or the system has a glitch that just sends these things out for no reason.

    The fact that this is an old problem just seems to show that the issue hasn't been passed through the proper channels to see what's going on.  To say it's a 'free' service is pretty far from the truth.  It's more like an addon service for the thousands I have spent on MS products over the last 15 years.  The additional utilities for Win 7 (like an email client) must be downloaded after you sign in to a live account.

    As for jror's statement about including the originating IP in the email, I think that's an outstanding idea.

    Refuge Denied,

    Are you certain that the free Hotmail account in use has never existed on a PC that has been compromised by malware or was ever used to send an email to anyone else?  If either of these might have occurred, the email address could have been collected by malware on your or someone else's PC.

    I have still never received any of these messages myself and in fact have yet to get any true spam on either my personal or another special account I also used for only OneCare service, so this isn't a common problem.  This leads me to believe that those few who have the issue either have an eaisly guessed email name or more likely it was captured during some form of a local attack on a PC that used the address in the past.

    The hotmail and associated Windows Live accounts themselves are free, though the services they are used to enable may not always be.  Since the subject here is entirely related to the email portion of the service and nothing else, that's obviously what I was referring to, but anyone can twist meanings if they wish.

    I have downloaded absolutely nothing but OneCare, since no other installed applications are required to support a Windows Live account and Hotmail can be operated entirely as a web based service.  This is the most secure method since no address book or other information is available locally on your PC to be collected by malware.  I haven't used a POP mail client on a PC in several years, they're an ancient and useless concept in this day of mobile and multiple client access points and email address collecting malware.

    Rob

    Monday, June 21, 2010 5:17 AM
    Moderator
  • I'm locking this thread.

    Discussion and Help for Windows Live ID, Windows Live Profile, Account, Hotmail, etc. can be found at http://windowslivehelp.com

    -steve


    ~ Microsoft MVP Windows Live ~ Windows Live OneCare| Live Mesh|MS Security Essentials Forums Moderator ~
    Wednesday, June 23, 2010 12:17 PM
    Moderator