The hook and line of Phishing

Windows Live Staff
Phishing
It's easy to get caught in a phishing scam if you don't know how to spot the bait!

Got something in your inbox that just doesn't look right? Getting hooked by a phishing scam is one of the biggest risks online, so make sure you know how to spot one.

While the branding at the top might look familiar, if you were to have taken the bait and replied to this e-mail, chances are your personal details (including your user name and password for your Hotmail account, along with your date of birth and country of residence) would have almost immediately fallen into the hands of an online criminal engaged in a "phishing" operation.

Phishing scams are run across the world by cybercriminal operations. They vary greatly in size and skill, from amateur one-person shows to sophisticated and highly resourced gangs of professionals. Sometimes they utilise networks of hundreds of thousands of hacked, "zombie" computers to send off bogus e-mails to "phish" for users' details, which can then be sold to gain access to a victim's bank or credit account, or used in various other types of fraud.

This recent phishing campaign, operating under the Windows Live Hotmail banner, attempts to dupe users by claiming that a large number of "unused" Hotmail accounts have been deleted to free up space on the network, requiring the user to confirm their details to avoid having their account deleted.

"This is classic social engineering," says James Turner, security advisor at research group IBRS. "If it contains something where you have a vested interest in replying then it's all the more likely that the e-mail is not on the level.

"Access to your e-mail account can become something like a honey pot for phishers. Given that a lot of users share the same password across any number of different sites and platforms, it doesn't take a great stretch of the imagination to see how someone could start making some serious money at your expense if your banking details are linked to something like eBay or Amazon."

Although there is a fair amount you can do to secure your inbox, there's no way to stop every single suspicious e-mail from sneaking through. So the best way to protect yourself is to know how to spot a nasty.

"If you receive an e-mail like this, asking you to do something like this, you should go to the point of origin and check it there," says Turner. A recent Windows Live security announcement takes this a step further, claiming "no legitimate company" will ever ask you to provide a user name, password, date of birth or country of origin via e-mail. Nor will a legitimate company ever issue an ultimatum or warning like the one shown here.

By and large, scam e-mails tend to be poorly written, and conventional wisdom suggests that this alone can be a dead giveaway. But Turner believes users should be on the lookout for more than just sloppy grammar: "The sad fact is that a lot of e-mails from major organisations are going out with really poor spelling and expression anyway," he says.

In other words, stay smart.

Got a phishing story? Why not share it with us below.

User comments
A couple of months ago I was a victim of a phishing scam. Some of my contacts in my contact list were getting fake emails that were supposed to be from me. The emails were telling my contacts that I just purchased a new mobile from somewhere overseas, and that they should buy one too. But thankfully the emails didn't look right, so nobody fell for it. I knew nothing about it until I started getting emails and phone calls from friends, asking me about it. I ended up having to send out an email to all of my contacts, warning them about the scam, and to not reply to it.
I got scammed yesterday & feel completely foolish in falling for this when it seems so obvious now. I received an email in my Yahoo account supposedly from Yahoo management urgently requesting me to confirm my password, date of birth, country of residence etc., otherwise my account would be shut down within 24 hours. So I stupidly replied & then the next day I started getting telephone calls from friends saying I had emailed them asking for money. When I eventually got into my Yahoo account my entire inbox, contact list, sent file & trash had been deleted. An email had been sent obviously to each person in my contact list but I had no way of knowing 100% who had got this email. I freaked out obviously & tried to get in contact with each person I could to let them know it wasn't me. Fortunately I was able to retrieve my contact list & contact each person but I still feel bad & hope nothing more comes of this as these people have my personal information.
