Helping people with computers... one answer at a time.

People continue to fall for what more experienced users would say are laughably bogus phishing attempts. I'll analyze why one common attempt is so bad.

I keep getting this email from Hotmail - is it legit?

Subject: Account Alert
From:  WINDOW TEAM (*****@hotmail.com)
To:  *****@hotmail.com

Dear Account Users

CONFIRM YOUR WINDOWS LIVE ACCOUNT SERVICES. VERIFY YOUR
HOTMAIL ACCOUNT NOW TO AVOID IT CLOSED !!!

...

This is an old, old scam. Delete it. Ignore it. Do not follow its instructions or your account will be hacked or your identity stolen.

Clear enough?

Apparently not, since I keep getting asked about this scam over and over and over again.

And it's not even that good a scam.

Let me walk through the many ways it's so obviously bogus.

By far the single most obvious and telltale sign that this is a bogus scam?

The English is horrible!

"This is a classic 'phishing' scam."

The entire message is littered with grammatical errors and other problems. Sure, official emails often have occasional mistakes; it happens. But an official communication from a huge U.S. based corporation is not going to be anywhere near this atrocious.

Let's look at some grammatical specifics and some of the many other tell-take signs in the part of the email we've seen so far:

  • WINDOW TEAM: There is no "Window Team". The product would be "WindowS", with an S. And email about what is now called Windows Live Hotmail would not come from the Windows Team, but from the Windows Live team - they are distinct teams.

  • *****@hotmail.com: the "From:" address, which I've obfuscated here, was obviously an email address of a random person, not a Microsoft employee. How do I know this? The email address was the classic name-digit-digit form that people use when they can't get just "name" as their email address. You think Microsoft employees need to do this? They use either official email addresses like "support" or "customerservice", not individuals, and - ironically - they don't usually use hotmail accounts to do it. Microsoft employees are typically @microsoft.com.

  • VERIFY YOUR HOTMAIL ACCOUNT NOW TO AVOID IT CLOSED !!! ALL CAPS. Official emails do not use ALL CAPS this much. It represents shouting, and is considered very rude. An official business email would never use all caps to this degree.

  • VERIFY YOUR HOTMAIL ACCOUNT NOW TO AVOID IT CLOSED !!! Horrible English: to avoid it being closed.

Some more tidbits from the rest of the message:

This Email is from Hotmail,  Msn and Live Customer Care and
we are sending it to every  Email User Accounts Owner for
safety. we are having congestions due to the anonymous
registration of  accountso we are shutting down some
accounts and your account was among those to be deleted. We
are sending this email to you so that you can verify and let
us know if you still want to use this account. If you are
still interested please confirm your account by filling the
space below.Your User name, password, date of birth and your
country information would be needed to verify your account.

I just can't list the many, many grammatical errors in that paragraph. It was clearly written by someone who does not speak English.

" Hotmail, Msn and Live Customer Care" - uh, no. "Hotmail", maybe. "MSN Hotmail" if this was two years old. "Windows Live", not "Live". In fact, the product name is "Windows Live Hotmail", and any official email from Microsoft can be reasonably expected to get their own product name correct.

Due to the congestion in all Hotmail ,Msn and Live users
and removal of all unused Accounts, we would be shutting
down all unused Accounts, You will have to confirm your
E-mail by filling out your Login Information below after
clicking the reply button, or your account will be
suspended within 24 hours for security reasons.

Windows Live Hotmail already has a policy and procedure for pruning unused accounts. All you need to do is login periodically, nothing more, nothing less.

* Username: ..............................
* Password: ................................
* Date of Birth: ............................
* Country Or Territory: ................

No one will ever ask you to email in your password. No one. Not ever. Never.

Next to the horrible English, this is, by far, the most glaring example that this is a scam. You're being asked to email your account login ID and password to a random email address. Don't do it. You will lose your account if you do.

After following the instructions in the sheet, your account
will not be interrupted and will continue as normal. Thanks
for your attention to this request. We apologize for any
inconveniences.

Warning!!! Account owner that refuses to update his/her
account after two weeks of receiving this warning will lose
his or her account permanently.

Sincerely,
The Windows Live  Team

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

Besides the continued bad English and bizarre spacing that's present throughout the message, this is just bogus fluff to make it look legitimate. I'm surprised that they finally got the product team name correct, but the fact that the product name changes throughout the message is another sign that whomever wrote this didn't really know what they were doing.

This is a classic "phishing" scam. It's point is to fool you into divulging your account information to someone, who can then steal your account and cause you a lot of grief.

And as bad as this one is - and trust me, particularly if you don't speak English natively, this one is really, really bad - people fall for it. Every day.

Don't be one of them.

Article C3863 - September 6, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

40 Comments
zip
September 7, 2009 6:11 AM

Leo.. teach me English.. :)

As many of my regular readers will be quick to point out, I'm far from the best English teacher.
Leo
07-Sep-2009

Lee
September 7, 2009 6:49 PM

Hi Leo,

I too am amazed at how easily people fall for these scams. They are so obviously not legitmate, especially the example you have here. I have seen some very good attempts at phishing attacks that have fooled staff in my company and I have tried my best to educate peoeple that bascially a big company will not email you for this type of information ever, but people get scared by the threat so easily. All they need to do is contact the company itself to verify if the email is legitimate before they hastily hit reply. i think as a rule if any email has a threatening consequence if you don't do what it says then that should be alarm bells anyway.

eized
September 8, 2009 5:59 AM

What about those three exclamation points? EH??? :-)

Pat Van Dusseldorp
September 8, 2009 10:08 AM

How many "phisherman" do you suppose are reading and correcting their "phishing" style using your examples?

Based on history, I'd say ZERO. I'm certainly not the first to have explained it in such detail and it's still coming on strong.
Leo
09-Sep-2009

Lynn Hancock
September 8, 2009 3:54 PM

"...whomever wrote this didn't really know what they were doing"? Try "whoever". "Whomever" is accusative case (the object of the clause), whereas in this case the usage is nominative case (the subject of the clause) and "whoever" is appropriate. But at least it is not as bad as the common mis-usage where "whoever" (also "who") is used as BOTH subject and object!

You only have to read forums (not this one :-) to see that the general standard of English usage is appalling. So many recipients of this type of spam probably would not appreciate the grammatical points you make in this article. And for many recipients, English would not be their first language, and they might think that the spam is actually good English!

Norbert Gruberger
September 8, 2009 4:03 PM

"whomever wrote this"???
just goes to prove that grammar mistakes are not always proof of a scam

Of course not. I wouldn't claim to write English perfectly (which keeps many nitpicks quite happy ;-) - my point is the sheer quantity and severity of the horrible English in the scam. PLEASE don't let my minor mistakes, which are inevitable, get in the way of understanding that point.
Leo
09-Sep-2009

Mark
September 8, 2009 5:03 PM

One other reaction I get from my supportees when they get an email or pop-up ad like this is "OMG I have a virus I can't use ma computer anymore until it's cleaned up*

As for Leo's grammar. Cut him some slack. So what if he's got a terminal grammar condition. He's a techie not a grammar geek.

sirpaul1
September 8, 2009 11:36 PM

If you just want to dis Leo's use of English, maybe you've just been phished. :-) (Sure, official emails often have occasional mistakes; it happens.) Picky, picky, picky!

XP Guest Account Acting Like Win2K Guest Account
September 9, 2009 10:21 PM

this one comment gave me a good laugh;

How many "phisherman" do you suppose are reading and correcting their "phishing" style using your examples?

Based on history, I'd say ZERO. I'm certainly not the first to have explained it in such detail and it's still coming on strong.

Leo
09-Sep-2009

Posted by: Pat Van Dusseldorp at September 8, 2009 10:08 AM


I'd have to agree with Leo here, because most of the scams that are sent out by "phishermen" are usually a cut / copy & paste job, into the new scam email, and just slightly modified to fit the new scam, be it your hotmail, or gmail, yahoo mail, etc. accounts
or the:
"pleas send me your bank account info so I can depost $1m US into;"
scams

Drew
September 11, 2009 4:48 PM

Microsoft is not immune to grammatical idiocy either. The one we all see all the time, and that grates on me every time I see it,is on the Control Panel Add/Remove Programs application; i.e., "Please wait while the list is being populated." It's either "Please wait -- the list is being populated" or "Please wait while the list is populated." Also, "populated" is kind of a weird term to apply to something that's not a physical place being occupied by a certain number of animals or something at least organic.

johnpro
September 12, 2009 5:31 AM

Yes , a lesson in English grammar as well as scamming this week.

Even so, would Americans do much better trying to scam Africans,Russians or Chinese..?

fran
September 12, 2009 10:21 AM

I get these often, but there are times i'd like to answer these 'nut's by entering all false information. That would give them something else to do.. but I don't do it..
thanks anyway
fran

Alex
September 14, 2009 9:31 AM

I cannot believe that anyone, even a new computer user (luser) could be so naive that they would even begin to think that this is a legit email. Just goes to show.
How does grammar come into this? Grammar is a false construct, attempting to rigidly control that which is by nature fluid and changeable. All languages change with use, and their grammar changes also.

William Govan
December 18, 2009 7:37 PM

I know my password but I can't open my email. It
seems that microsoft does not recognize my email
address. I have been using for two tears. What is the problem?

jacquie balois
January 13, 2010 9:03 AM

I feel victim by answering the scam, now all my contacts are receiveing emails that I am at a conference in england and lost my money please send money. I can not access my account or change my password.

That is correct. Your account is most likely gone forever. Read this article: Hotmail says my password is incorrect, but I know it's right. What do I do?
Leo
14-Jan-2010

Ian Darby
January 31, 2010 7:37 AM

The convoluted English used gives me the impression that it comes from Nigeria, e.g., "we would be shutting down all unused Accounts".

Charlene
March 6, 2010 4:59 AM

Thanks a mil Leo!
I received that stupid bogus email telling me to 'verify my hotmail account' from a ***_*** @ hotmail . co . uk & the 'reply' addy was
w i n d o w s l i v e h 01 @ gmail . com! I immediately went into the legit Windows & Hotmail sites to report them.
In addition, I sent the 'phishers' a very very nasty email (couldn't help myself!)
Gosh, can u believe the audacity & downright cheek of these people!
Thanks for all your help & a gr8 site! :-)

Robb Smith
April 10, 2010 8:52 AM

I,m getting a "verify the account" message so that
I cannot SEND any e~mails now! How do I veryfy?!

j davis
May 1, 2010 7:36 AM

As usual Leo has it right. I have been getting these emails for quite some time. I right click on the message and get the 'view source' information and send to to Hotmail. They have been very proactive in closing down the email accounts associated with this phishing scam. Everyone who receives one of these emails should report it--tis quick and easy.

chris
May 12, 2010 1:45 PM

i was in greece for 2 weeks on holiday, i was staying with relives. A greek girl i was with got this email and thought it was real, luckaly she asked me befor sending her info. people who are not english fall for this even more...

centriohost.com
May 29, 2010 1:53 PM

They also mailed be @ my mailbox. Those are spoof mail. Stay away from those fake mails.

_ _ _ _ _ _ _
Tomy

ustad_rahat edama darad
June 5, 2010 7:12 AM

because i wrote wrong name thats why i have to close my emil

Gisele
July 14, 2010 9:58 AM

Ok, I was really tired and taking medication so I did not pay enough attention. The e-mail seemed legit, the @microsoft and return address again looked legit. I was really concerned that my account would be closed so I went ahead and sent them the information. I should have known better, now that I think about it this would be the same scheme people would use to get your bank account and I would NEVER give them that information. So now I have a big problem. I no longer have access to my e-mail account and there is no way to contact Microsoft/hotmail that I'm aware of. Is there any way to recover my hotmail account? If not, how to I close it?

There are several articles on the site discussing your options. Here's the latest: How do I get Hotmail to close my stolen account?
Leo
15-Jul-2010

Helena
August 25, 2010 5:01 PM

The second example of a hotmail phishing scam is exactly what I got, and I was suspicious from the start, even the email was an email I could've made. So I just deleted the email right away, I didnt reply, nothing. Just deleted it.
The next day I couldn't log in at all. I still doubted that hotmail actually disabled my account, so I asked a bunch of friends if their hotmail still works, and all of them said yes.

So why can't I log in when I ignored that email?

Malcolm Bowen
December 23, 2010 6:20 AM

A friend /contact of mine fell for this scam and had her account and idenity stolen and all her contacts e-mail addresses were in the hands of the scamers.
I have this Windows Live Hotmail about to close your account several times and regular scam mails from most banks, Pay Pal, Inland revenue etc since her account was Hi Jacked. My bank is clear in advising that on no account would they ever e-mail me about anything in regards to my account and would only contact me by posted mail if they needed to contact me, or by phone inviting me to call in to my branch.
They would never ask for any details about my account unless I phoned them.
It is worth a mention that if a persons account is hi jacked one account could give a scamer hundreds of names and addresses and for this reason always delete previous addresses and use B.C.C when forwarding a e-mail.

Sheila Lindsay
April 20, 2011 12:57 PM

Leo, thank you so much for your postings, as I do appreciate them. It looks like they are becoming more and more savy with their scam approach, the email I received was very well worded and even included a signature of I suppose the head of the WindowsLive Team.

Account Alert™(Unique ID: N002629AC843WM162)‏
4/19/11
Reply ▼Reply
Reply all
Forward
Delete
Junk
Mark as unread
Mark as read
Delete all from sender
Print message
View message source
Show message history
Hide message history
Show details
Hide details Windows Live™ Team Add to contacts
From: Windows Live™ Team ({removed}@hotmail.com)
Sent: Tue 4/19/11 7:26 AM
To:


Always show content from {removed}@hotmail.com





Microsoft® respects your privacy. Please read Carefully.

Dear Account Owner,

This Email is from Msn-Live-Hotmail Customer Care™ and we are sending it to all Msn-Live-Hotmail Accounts Owner for safety. We are having congestion due to the anonymous registration of Msn-Live-Hotmail accounts so we are shutting down some Msn-Live-Hotmail accounts and your account is among those to be deactivated. We are sending this email to you so that you can verify and let us know if this account is still valid? If it is,The following information is needed to verify your account: Your User name, password, date of birth and your country information.
Click on the reply button and fill in your information:


Full Name:

User Name:

Password:

Date of Birth:
Country:


Characters:

Enter the 8 characters that you see


After following the above instructions your account will not be interrupted and will continue as normal. Thanks for your attention to this effect. We apologize for any inconveniences.

Warning!!! Account owner's that refuses to update there account after three days of receiving
this warning will lose the account permanently.

NOTE: Click Reply To Fill in Required Information

Sincerely,

Steve Craddock












jonathan wulwick
April 28, 2011 10:13 PM

{This is an example of a scam email this commenter received}

Windows Live Email Alert Confirmation®
The efficient way to do e-mail

DEAR ACCOUNT USER,

Windows Live Hotmail® is faster and safer than ever before and filled with new ways to stay in touch. Storage space that grows with you means you shouldn't have to worry about deleting your e-mail, and the new calendar makes it easy to share your schedule with family and friends.

Due to congestion in all Windows Live Hotmail email accounts caused by over 10 million inactive email accounts, there will be a phased deactivation of all inactive Hotmail® accounts: We will be shutting down all inactive accounts. You will need to confirm your E-mail by filling out your log-in information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons. To do this, please click your reply button, fill in the required information and send

* User Name:
* Password:
* Date of Birth:
* Country Or Territory

YOUR DETAILS WILL NOT BE SHARED.

We'll keep working on making Windows Live! the best email service around, and we appreciate your joining us for the ride.

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.

Warning!!! Account owners who refuse to update their accounts after two weeks of receiving this warning will lose their accounts permanently.

Sincerely,
The Windows Live Hotmail Team

* Take your e-mails on the road. Go mobile
* Chat with your Messenger friends from your inbox or download Messenger

Microsoft respects your privacy. Please read our online Privacy Statement.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA © 2011 Microsoft Corporation. All rights reserved.


wow they are really getting better at it this one almost got me thanks for your help

agustin
July 7, 2011 4:47 PM

i am Argentine and friends get me this, written in English, excuse my spelling errors

HOTMAIL ACCOUNT CLOSURE ALERT™‏

05/07/2011
Responder ▼
Windows Live™ Team
Agregar a contactos

Los datos adjuntos, las imágenes y los vínculos de este mensaje se han bloqueado por motivos de seguridad.
Mostrar el contenido | Mostrar siempre contenido de mujahidsyed47@hotmail.com

Add Contacts | Explore Windows Live | Edit Profile

Dear Account User,

You are advise to verify your account details below to enable us upgrade your account. E.G Your Hotmail ID, Password, Date Of Birth etc.

In failure of doing this, you will Automatically lose your Hotmail Account.

Thanks for using Hotmail

Account Alert


VERIFY YOUR HOTMAIL ACCOUNT NOW TO AVOID CLOSE !!!


Dear Account User,
This message is from Hotmail message center to all hotmail account owners and premium account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused Hotmail account to create more space for new accounts.

To prevent your account from closing, you will have to verify it below before One (1) Week from now!

VERIFY YOUR HOTMAIL ACCOUNT NOW TO AVOID CLOSE !!!

Hotmail ID:.................................

Password:...........................

Your Birthday:........................

Your Country or Territory:....................

Warning!!! Account owner that refuses to update his or her account before One week of receiving this warning will lose his or her account permanently.

Sincerely,
The Windows Live Team

Mark J
July 8, 2011 1:09 AM

@Augustin
This is the same scam mentioned in the article. Ignore it!

Robin Clay
September 27, 2011 3:56 PM

[Sigh] I guess "they" have read your article pointing out where they went wrong...


Oh, and - on the subject of "bad English" - [coff, coff]
"another sign that whomever wrote this " is exactly that. "whom" (or "whomever") is the object. In THIS case you should have used "whoever", as the subject.

Correct useage would be, e.g., "I can send it to whomever I want", where "I" is the subject of "want".

If followed by a verb, it should be "who", if by a noun, "whom".

"Whoever" and "whomever" likewise.

Oh, and - in the next sentence - "It's point is to fool you.. ", the apostrophe indicates a missing letter, here, "it is", which is obviously wrong. The possessive is "its", as this should have been.

Hey, Leo ! You've been reading too many of these phishing scams ! You're picking up bad habits ;-)


Erm... is this sufficient evidence that I read your article ? ;-)


Please don't take this to mean I don't appreciate your sensible advice ! For which I thank you, once more.

Mark J
September 27, 2011 10:02 PM

@Robin
As an English teacher, I can tell you that who is becoming accepted for use as an object. The apostrophe is a typo.

Helen
November 25, 2011 5:35 PM

Hi Super Leo,

If this is a scam why doesn't msn do something about it? I'm a novice in computers & realised this can't be right, googled it & found your advice, thank you so much for the 'plain english' explanation.

Mark J
November 26, 2011 1:02 AM

@Helen
The email which claims your email account will close is phishing spam which purports to come from Microsoft, but never goes through Microsoft's servers. So, Microsoft has no way of stopping these emails.
Why can't we catch spammers and phishers?

Stephanie
March 11, 2012 9:49 AM

I thought this was kind of fishy, so I replied asking why they would need my password and date of birth before I gave any information. I wish I would not have done that . . . anyhow, will they be able to hack into my accounts if I did not provide them with any of the requested items?

Mark J
March 11, 2012 2:43 PM

@Stephanie
By simply responding to that message, you haven't given them anything to enable them to hack your account, but by responding you've confirmed that your email address is valid and that may open you up to more spam.
How do I unsubscribe from all these unwanted emails?

Oskar unre
March 31, 2012 3:19 AM

There'll always be bad and a good people. I've read an article about fishing & spam. You can buy 10,000 e-mail addresses generating from aaaa0000@winlive.* to zzzz9999@winlive.* for just 100,-bucks...so it's free! And to be afraid of, their intelligence 's improving! There have to be some regulations in the jurisdiction...Proving your personal identity and the address where you live should be one of the first conditions to register a domain or an e-mail account...like a driver's license or to register a car...this may happened first with the 'closed-friends' countries to the US, like EU, Canada,..but similar to register every video camera, every guitar, every golden ring,...it's simply useless to say.

Cathhy E
April 19, 2012 2:14 AM

Thank YOU for your information regarding "Is Windows Live about to close my acount". I was wary, and wanted to check it out some especially since the email was asking for my DOB and passowords!!! Thank you again Leo for helping me avert a disaster!!! Keep up for great work!

Jade
July 1, 2012 12:41 AM

LOL! You just gave all of these non-English speaking commenters more tools to write better phishing emails.

Just kidding. But please, someone is about to close your hotmail account? Do you really care?

I replied to that phisher and told them my grandfather was the prime minister of a West Arfican (spelling intentional) repulbic, and was imprisoned 20 years ago, and I needed their account details so I could send them all of my money and then we'd split the money when I got to safety with their help.

Kevin
December 31, 2012 3:22 PM

Even though I know these Confirmation emails are scams, they all have email addresses that are not what Microsoft would use, and of course no one would ask for your password. But I did a properties search for the incoming email and the IP address for this email came from Redmond Washington, home of Microsoft. Now how would the sent email properties be able to use the IP address from Redmond Washington when it's clear the email is bogus. I mean really, what's the chances the tool doing this is actually living in Redmond. It also says its a Corporate Account and it says it's Microsoft. So not only is the email bogus, but somehow they're managing to disguise the properties so if you check it you'll see that it's actually from Microsoft. Here's what I found...IP: 65.54.190.224
Decimal: 1094106848
Hostname: bay0-omc4-s22.bay0.hotmail.com
ISP: Microsoft Hosting
Organization: Microsoft Hosting
Services: Likely mail server
Type: Corporate
Assignment: Static IP
Blacklist:
Geolocation Information

Country: United States
State/Region: Washington
City: Redmond
Latitude: 47.6801 (47° 40′ 48.36″ N)
Longitude: -122.1206 (122° 7′ 14.16″ W)
Area Code: 425
Postal Code: 98052

It's as simple as the scammer logging into Hotmail and using Hotmail to send the scam. Hotmail is owned by Microsoft, and its servers are identified as residing in Redmond. (Not accurate, but it identifies the server owner, Microsoft, as residing in Redmond.) The actual IP address of the person sending the email is not neccessarily included in the headers when webmail is used.
Leo
03-Jan-2013

Zach
February 21, 2013 2:20 PM

I got one of these and I replied "Hay, If you ARE Microsoft live.... Then don't you know this? Bad Spammer! Bad!" XD and i was only 14 and using my dad's account.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.