Helping people with computers... one answer at a time.

People continue to fall for what more experienced users would say are laughably bogus phishing attempts. I'll analyze why one common attempt is so bad.

I keep getting this email from Hotmail - is it legit?

Subject: Account Alert
From:  WINDOW TEAM (*****@hotmail.com)
To:  *****@hotmail.com

Dear Account Users

CONFIRM YOUR WINDOWS LIVE ACCOUNT SERVICES. VERIFY YOUR
HOTMAIL ACCOUNT NOW TO AVOID IT CLOSED !!!

...

This is an old, old scam. Delete it. Ignore it. Do not follow its instructions or your account will be hacked or your identity stolen.

Clear enough?

Apparently not, since I keep getting asked about this scam over and over and over again.

And it's not even that good a scam.

Let me walk through the many ways it's so obviously bogus.

By far the single most obvious and telltale sign that this is a bogus scam?

The English is horrible!

"This is a classic 'phishing' scam."

The entire message is littered with grammatical errors and other problems. Sure, official emails often have occasional mistakes; it happens. But an official communication from a huge U.S. based corporation is not going to be anywhere near this atrocious.

Let's look at some grammatical specifics and some of the many other tell-take signs in the part of the email we've seen so far:

  • WINDOW TEAM: There is no "Window Team". The product would be "WindowS", with an S. And email about what is now called Windows Live Hotmail would not come from the Windows Team, but from the Windows Live team - they are distinct teams.

  • *****@hotmail.com: the "From:" address, which I've obfuscated here, was obviously an email address of a random person, not a Microsoft employee. How do I know this? The email address was the classic name-digit-digit form that people use when they can't get just "name" as their email address. You think Microsoft employees need to do this? They use either official email addresses like "support" or "customerservice", not individuals, and - ironically - they don't usually use hotmail accounts to do it. Microsoft employees are typically @microsoft.com.

  • VERIFY YOUR HOTMAIL ACCOUNT NOW TO AVOID IT CLOSED !!! ALL CAPS. Official emails do not use ALL CAPS this much. It represents shouting, and is considered very rude. An official business email would never use all caps to this degree.

  • VERIFY YOUR HOTMAIL ACCOUNT NOW TO AVOID IT CLOSED !!! Horrible English: to avoid it being closed.

Some more tidbits from the rest of the message:

This Email is from Hotmail,  Msn and Live Customer Care and
we are sending it to every  Email User Accounts Owner for
safety. we are having congestions due to the anonymous
registration of  accountso we are shutting down some
accounts and your account was among those to be deleted. We
are sending this email to you so that you can verify and let
us know if you still want to use this account. If you are
still interested please confirm your account by filling the
space below.Your User name, password, date of birth and your
country information would be needed to verify your account.

I just can't list the many, many grammatical errors in that paragraph. It was clearly written by someone who does not speak English.

" Hotmail, Msn and Live Customer Care" - uh, no. "Hotmail", maybe. "MSN Hotmail" if this was two years old. "Windows Live", not "Live". In fact, the product name is "Windows Live Hotmail", and any official email from Microsoft can be reasonably expected to get their own product name correct.

Due to the congestion in all Hotmail ,Msn and Live users
and removal of all unused Accounts, we would be shutting
down all unused Accounts, You will have to confirm your
E-mail by filling out your Login Information below after
clicking the reply button, or your account will be
suspended within 24 hours for security reasons.

Windows Live Hotmail already has a policy and procedure for pruning unused accounts. All you need to do is login periodically, nothing more, nothing less.

* Username: ..............................
* Password: ................................
* Date of Birth: ............................
* Country Or Territory: ................

No one will ever ask you to email in your password. No one. Not ever. Never.

Next to the horrible English, this is, by far, the most glaring example that this is a scam. You're being asked to email your account login ID and password to a random email address. Don't do it. You will lose your account if you do.

After following the instructions in the sheet, your account
will not be interrupted and will continue as normal. Thanks
for your attention to this request. We apologize for any
inconveniences.

Warning!!! Account owner that refuses to update his/her
account after two weeks of receiving this warning will lose
his or her account permanently.

Sincerely,
The Windows Live  Team

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

Besides the continued bad English and bizarre spacing that's present throughout the message, this is just bogus fluff to make it look legitimate. I'm surprised that they finally got the product team name correct, but the fact that the product name changes throughout the message is another sign that whomever wrote this didn't really know what they were doing.

This is a classic "phishing" scam. It's point is to fool you into divulging your account information to someone, who can then steal your account and cause you a lot of grief.

And as bad as this one is - and trust me, particularly if you don't speak English natively, this one is really, really bad - people fall for it. Every day.

Don't be one of them.

Article C3863 - September 6, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Recent Comments
40 Comments
Oskar unre
March 31, 2012 3:19 AM

There'll always be bad and a good people. I've read an article about fishing & spam. You can buy 10,000 e-mail addresses generating from aaaa0000@winlive.* to zzzz9999@winlive.* for just 100,-bucks...so it's free! And to be afraid of, their intelligence 's improving! There have to be some regulations in the jurisdiction...Proving your personal identity and the address where you live should be one of the first conditions to register a domain or an e-mail account...like a driver's license or to register a car...this may happened first with the 'closed-friends' countries to the US, like EU, Canada,..but similar to register every video camera, every guitar, every golden ring,...it's simply useless to say.

Cathhy E
April 19, 2012 2:14 AM

Thank YOU for your information regarding "Is Windows Live about to close my acount". I was wary, and wanted to check it out some especially since the email was asking for my DOB and passowords!!! Thank you again Leo for helping me avert a disaster!!! Keep up for great work!

Jade
July 1, 2012 12:41 AM

LOL! You just gave all of these non-English speaking commenters more tools to write better phishing emails.

Just kidding. But please, someone is about to close your hotmail account? Do you really care?

I replied to that phisher and told them my grandfather was the prime minister of a West Arfican (spelling intentional) repulbic, and was imprisoned 20 years ago, and I needed their account details so I could send them all of my money and then we'd split the money when I got to safety with their help.

Kevin
December 31, 2012 3:22 PM

Even though I know these Confirmation emails are scams, they all have email addresses that are not what Microsoft would use, and of course no one would ask for your password. But I did a properties search for the incoming email and the IP address for this email came from Redmond Washington, home of Microsoft. Now how would the sent email properties be able to use the IP address from Redmond Washington when it's clear the email is bogus. I mean really, what's the chances the tool doing this is actually living in Redmond. It also says its a Corporate Account and it says it's Microsoft. So not only is the email bogus, but somehow they're managing to disguise the properties so if you check it you'll see that it's actually from Microsoft. Here's what I found...IP: 65.54.190.224
Decimal: 1094106848
Hostname: bay0-omc4-s22.bay0.hotmail.com
ISP: Microsoft Hosting
Organization: Microsoft Hosting
Services: Likely mail server
Type: Corporate
Assignment: Static IP
Blacklist:
Geolocation Information

Country: United States
State/Region: Washington
City: Redmond
Latitude: 47.6801 (47° 40′ 48.36″ N)
Longitude: -122.1206 (122° 7′ 14.16″ W)
Area Code: 425
Postal Code: 98052

It's as simple as the scammer logging into Hotmail and using Hotmail to send the scam. Hotmail is owned by Microsoft, and its servers are identified as residing in Redmond. (Not accurate, but it identifies the server owner, Microsoft, as residing in Redmond.) The actual IP address of the person sending the email is not neccessarily included in the headers when webmail is used.
Leo
03-Jan-2013

Zach
February 21, 2013 2:20 PM

I got one of these and I replied "Hay, If you ARE Microsoft live.... Then don't you know this? Bad Spammer! Bad!" XD and i was only 14 and using my dad's account.