Hotmail phishing: Don't send us the wrong password or we'll suspend your account!

SophosLabs: Have you been told to verify your Hotmail account? Did you receive a message saying that Hotmail’s email servers were congested, and so they were removing all unused accounts?

If so, I hope you responded to the email with a roll of the eyes and a quick stab of the delete button. Because if you didn’t, you might have been at risk of having your login credentials stolen.

Thanks to the reader, who forwarded us the following phishing email that he and others received, posing as communication from Hotmail:

Part of the email reads:

We are upgrading our database to serve you better. Due to the congestion in our E-mail servers there would be removal of all unused Hotmail Account. You will have to confirm if your E-mail account is still active by filling out your information below after clicking the reply button

The email then requests that you reply with your Hotmail username, password, date of birth and country. Of course, doing so puts vital information right into the hands of the cybercriminals.

It looks like the bad guys have had some problems in the past though, with victims handing over incorrect information (how typical!):

Ensure every detail requested above is provided correctly upon receipt of this notification to enable the upgrade. Incomplete details and wrong passwords forwarded will result in suspension or closure of your account for security reasons.

The fact is, of course, that the email isn’t from Hotmail, and they would never ask you for your password. Although a simple phishing scam like this can be obvious to those of us who work in the field of computer security, there are plenty of less-savvy people out there who might be fooled into responding – and hand over the keys to their account.