I just received an email purportedly (my big word of the day) from Microsoft which I believe is some kind of scam. But I wanted to post it here so that I could warn everyone if it is indeed a scam. Otherwise, I was hoping someone here might be able to examine it and tell me just what it really is.
It is supposedly from Microsoft - which was the big ringing alarm bell to my mind.
The single line in my inbox read as follows: Microsoft account team - Verify your email address - Microsoft account Verify your email address To finish setting up this Microsoft account, we just need
The full message reads as follows:
Microsoft account
Verify your email address
To finish setting up this Microsoft account, we just need to make sure this email address is yours.
Verify CharlieWayne@gmail.com
If you didn’t make this request, click here to cancel.
Thanks,
The Microsoft account team
I got a big laugh from “If you didn’t make this request, click here to cancel.”
I wonder how many poor people will actually click on that link and suffer Lord knows what for doing that. Holy Shit!
If they weren’t so stupid, I might have actually fallen for this.
Please let me know what you think about this? I think it could be a lot more dangerous than most other scam emails.
You should look at the email address of the person who sent it. If it’s an email address that doesn’t look like an official Microsoft email address, then it’s probably spam.
A lot of scammy spams and e-mails have a variety of links in them, like “Subscribe” and “Unsubscribe” and various buttons for more information and “Terms of Service” and “Contact Us” and so forth.
One common give-away that such an e-mail is a scam is that ALL these links not only go to some unrecognized URL, but they all go to the SAME URL. So if you see a bunch of links, hover over several of them and see about that.
‘From’ addresses in emails are very simple to spoof. A scam email could appear to come from an official Microsoft address.
It’s the URL they want you to click that might give it away, but even then, scammers can sometimes make the URL look legit by setting up nested subdomains called ‘com’ and ‘microsoft’ within their own domain.
That is spoofing a solicited email, and looks very close to the kind of email MS sends when solicited to do so. Except for the ‘cancel’ button. And that it is (apparently) unsolicited.
But keep in mind, even looking like an official MS addy doesn’t mean it is. Could be spoofed, and who knows where the links they’re after you to click go.
Another giveaway that the email is a scam; it never uses your actual name. For example, if your email address is CharlieWayne@gmail.com, the email might refer to you as CharlieWayne but never Charlie Wayne, or even Charles Wayne. The legitimate email I receive from my bank or other companies uses my full name.
Yeah for now that is the case, but I expect scammers will eventually put in the time and effort to get their software to extract at least common names from email addresses.
I’m guessing that email is sent because they are trying to find valid email addresses. If someone clicks on one of the links, the server knows that the email was valid and the recipient was able to receive it. It may have nothing to do with trying to phish your Microsoft account details. They may be trying to craft an email which will entice people to click in one way or another. I assume this is to create email lists of validated email accounts. A list of valid email address probably sells for more than a list of billions of random emails.
I heard an NPR report once that said spammers actually don’t want their scams to be too tricky. They want to reel in on,y the most gullible, who’ll be most likely to fall for their scheme. If they reel in even somewhat skeptical folks they will waste their time interacting with people who won’t pan out. It’s like reverse Darwinian selection.