Warning: Fake Microsoft notification allegedly from Windows Live

Okay, so there are about a million social techniques being used in email to get your attention and entice you to click on some bad link, but since this one purports to be from Microsoft, I thought I’d post a quick warning and do a bit of digging, since it is the first of these that I’ve gotten and I received 3 variations (different alleged friends on the invite) over the weekend.

First, let’s take a quick look at the fake email:

[Image: the fake email]

First, note that the “From:” address isn’t even valid. If you weren’t aware, SMTP doesn’t do any validation of this field, so spammers (or anyone else) can put anything they want there. Since this one isn’t even a valid address and doesn’t have an alias with the domain, it is a definite warning sign that this is a fraudulent mail.

Next, note that I don’t know anyone named Kaylen Giles.  This is an additional warning signal.

Also note that links 3, 4 and 5 all go to real locations. Links 3 and 4 take you to login.live.com and prompt you to log in to Windows Live, and will take you to your profile if you do so. Link 5 takes you to the actual Microsoft privacy policy page. These real links lend the email credibility.

However, note that if you click on link 6 “View invitation”, it takes you to a link that displays on the hover as contentmaxim.com, but that is not the ultimate destination.
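The two signals described above (a “From:” value that is not an address, and a link whose host falls outside the claimed sender's domains) can be checked mechanically. The following is an added example, not code from the original post; the sample message is constructed from the description here, and the `EXPECTED` domain list and the names `triage` and `in_expected` are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the mail described above; not the real message.
SAMPLE = """\
From: Windows Live
Subject: Kaylen Giles has invited you
Content-Type: text/html; charset="utf-8"

<a href="https://login.live.com/">Sign in</a>
<a href="http://contentmaxim.com/">View invitation</a>
"""
# Assumption: domains the claimed sender would legitimately link to.
EXPECTED = ("live.com", "microsoft.com")
ADDR_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class LinkCollector(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())


def in_expected(host):
    # Exact match or true subdomain only, so "live.com.example.net" is not accepted.
    return any(host == d or host.endswith("." + d) for d in EXPECTED)


def triage(raw):
    """Return the two warning signals for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    collector = LinkCollector()
    collector.feed(body)
    return {
        "from_is_address": bool(ADDR_RE.match(addr)),
        "unexpected_hosts": [h for h in collector.hosts if not in_expected(h)],
    }
```

This is a static check of the link targets written in the message; it does not see where a listed host later redirects.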

I created a Virtual PC (VPC) using the XP Mode image to use as a safe test environment and clicked on the link.  I expected to be attacked, but in this case ended up being redirected to a site purporting to be “Toronto Drug Store” (canadapillgroup.com) – here is a screenshot:

[Image: screenshot of the “Toronto Drug Store” site]

Who knows if this is even a “valid” site for ordering Viagra?  I browsed around the site in my VPC and added some Retin-A to the shopping cart and when I went to check out, it took me to https://safeorderpage.com/cart/checkout, but I stopped there.

Too risky by far.

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones is a 27-year security industry professional who has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends