Recently many people have been receiving a phony email that purports to come from Microsoft. In fact, the email address appears as firstname.lastname@example.org. This is not, however, a legitimate email from Microsoft, but rather it is a phishing scam that is intended to get you to provide personal information such as your email provider, your username and your password. Once this information is provided, it is used to make the responder to the email a victim of identity theft. It also can be used to send emails from your email address to friends of yours who may trust the emails because they appear to come from you. This enables the identity thief to send malware in emails that appear to come from you to lure your friends to download the malware by clicking on links in the emails sent using your email address.
Here is an example of the phony email currently being circulated:
“Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.
This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click in the Verify button below and enter your login information on the following page to Confirm your records.
Thank you, Microsoft Windows Team.”
Emails like this may appear to be legitimate, but as is the case in this email, the grammar is sometimes not correct. In this particular email, capital letters are misused. In any event you should always be skeptical of any email that requests personal information. When in doubt, you should contact the real company, in this case Microsoft, to confirm whether or not the email is legitimate.