This is a phishing attempt, right?

I received this email yesterday, and another copy today:

(links broken by me)

I haven’t attempted to reset my password, so I wasn’t expecting the message. I’m guessing that this is one of two things:
- An outright phishing attempt - and the links point to somewhere that will prompt me to divulge my account login details (although the links don’t look like they will do that)
- Evidence that someone else is making password reset requests against my live messenger account.

Anyone else seen it? The message itself seems a bit plain-text for something from MS.

If it says you requested something you didn’t, it’s probably phishing. If you really want to know, go to the appropriate URL from your bookmark or by looking it up and typing it into the browser yourself. Compare the URL to the ones this e-mail shows on mouseover. You can also e-mail the legit site and ask if they sent you the e-mail. My guess is that they didn’t. You might look for the legit site’s phishing/fraud page and forward them this e-mail.

I’m gonna go with “What is phishing”, Alex. :smiley: We have hotmail, too, and we get those, too, and we haven’t requested to reset our password, either. And we don’t use Messenger, either.

And…

Right. That’s the idea. If it looked too obviously scammy and fake, they wouldn’t catch any fish. Think of it as Darwinian selection applied to Internet scams. The ones that look the most realistic as they lie in wait on the ocean floor are the ones that catch the most prey. Phishers have all kinds of ways of making those links look authentic but have them take you to a kind of Stephen King place where you’d rather not be. :smiley:

We got a whole series of phishing e-mails purportedly from our bank, which looked completely authentic, links and everything, but weren’t.

And of course eBay spoofing is legendary for how authentic it all looks.

If only all that creativity could be channeled into something more constructive, like, I dunno, world peace or something… :smiley:

P.S. There’s a good deal of more technical discussion on the web if you google the relevant phrase “received your request to reset your Windows Live password”, and a few possible reasons why it might be legitimate, but I’m gonna go with phishing. “Do Not Click Links In Email” is always a good rule to live by.

You underestimate the stupidity of the average user, e.g., my customers.

Doesn’t the fact that it says right there in the message to copy/paste the link, make it probably legit?

There’s nothing magic about copy & paste that prevents your getting to a harmful URL. The instruction makes it SEEM more legit, especially with its little intro that says, in effect, “we’re not phishing.” Of course, plenty of con men will tell you “I’m not going to cheat you.” I think the copy & paste is just to get people to think what you expressed.

So Viscera, sounds like they’ve found an easy way to snag you.

Not as I understand domain names. I don’t think accountsevices.msn.com necessarily has anything to do with www.msn.com. I think anyone can get any domain name that is not spoken for. I’m sure someone will be around shortly to correct me if I’m wrong.

In that case, the phishing warning is just there to make the message look more authentic.

Right click on this link and select copy shortcut, then paste it. :slight_smile:

http://www.bankofamerica.com/accounts/administration/login.aspx

Sure, if you copy the actual text by selecting it and choosing “Copy” specifically, it will go to that actual link, but even then, they often have domains that look like the real thing at a glance, but aren’t, such as…

http://www.bankofamerca.com/accounts/administration/login.aspx

A phisher shouldn’t be able to get a subdomain of the msn.com domain, so that’s not likely, but as noted by several folks above, it might not actually take them to that domain.

I’m guessing that someone tried to access your account and that this is real. What I’d personally do is go to the “CANCEL PASSWORD RESET” link and see what’s there. Since you should be able to perform the cancel without giving any account information whatsoever, including login name and password, if you are asked any of those, I’d say phishing.

If the URLs are legit (meaning they go to actual msn.com servers, and without the kind of hyperlink trickery that DMC is referring to), then it’s not technically a phishing attempt. I say this because the phisher can’t possibly gain your info by you going to msn.com. Because by going to accountservices.msn.com, you are on a legit msn site. Most likely someone attempted a “change password” on your account. And lo, you were protected because MS sent you an email instead of letting them change the password online.

Also as DMC said, no, someone can’t come along and take, e.g., “ihackedms.msn.com” when the msn.com domain belongs to Microsoft. msn.com is the entire domain; accountservices.msn.com denotes a host within that domain. No one but Microsoft can create hosts in their own domain.

All that being said, it is theoretically possible that there is a rogue MS employee or otherwise someone who managed to set up a rogue host within msn.com. The former I suppose is not out of the realm of possibility, but the latter is extremely unlikely, and if someone managed to do that, they probably managed to steal all your msn info anyway and can change your password without having to phish you.

The other trick is that even the underlying URL might be easy to misunderstand - for example, what appears to be msn.com in the URL might actually be a subdomain of some completely unrelated site (maybe msn.com.1213134654656423321635465scammer.com, for example).

Correct. That’s much like the attachments that are named something like hotpicture.jpg.vbs that used to be all the rage. They hoped, often correctly, that most users would have “Hide extensions for known file types” turned on, thus hiding the .vbs portion.

By the way, did you paste the “CANCEL PASSWORD RESET” link, and if so, what was the verdict?

I don’t think it’s a phishing attempt.
The msn domain looks correct.
I think someone tried to hack into your msn account, and change your password.

Absolutely right. But seeing “msn.com” embedded in the address can lull the unsuspecting victim into thinking that that is the actual domain.

Example: trustme.msn.com.fishing4u.ru is probably not something you want to trust, but there’s that “msn.com” right up front!

Here’s a true example from my files. (I have changed and truncated the link slightly so you can’t accidentally connect to the bad site.) This purports to be a CitiBank site.

First, here is the link as displayed:

http:// citibusiness.citibank.com/businessdir/cbov

And here is the actual link as revealed by mouseover. Note that the true domain (8marnad.vg) is somewhat concealed:

http:// citibusiness.citibank.com.8marnad.vg/businessdir/cbov…

Seconded. It’s not phishing. It’s somebody requesting password resets on your account. Anyone can do that.

Also, just to check, I clicked the password reset option on Windows Live. I got the exact same email as you.

The way I’ve always seen it done is using an @ sign. Anything before the @ sign is ignored by the browser, so you can have a long URL like

http://login.thisisyourbanksrealsite.com/banking/secure/login.asp@www.scamsite.com/phish.asp

and, especially when the URL gets truncated, it can appear OK.
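The two tricks discussed in this thread, a familiar domain buried inside a longer hostname (trustme.msn.com.fishing4u.ru, citibusiness.citibank.com.8marnad.vg) and an “@” placed so that the text before it looks like the real site, both come down to one question: which host will the browser actually connect to, and is that host really inside the domain the mail claims to be from? The script below is an added example, not from any poster, that answers that question with Python’s standard URL parser. Per RFC 3986 a parser only treats “@” as the end of a user-info prefix inside the authority part (between “//” and the first “/”), so the example shows both placements. All sample links, the “.example” domains and the function names are constructed for this demo.

```python
"""
Added example (not from the thread): decide which host a link really points at,
then check whether that host is inside the domain the e-mail claims to come from.
Standard library only; every sample link below is constructed for the demo.
"""
from urllib.parse import urlsplit


def true_host(url: str) -> str:
    """Return the host a browser would connect to for `url`.

    urlsplit() keeps only the authority component (text between '//' and the
    first '/') in .netloc, and .hostname then drops any 'user:pass@' prefix and
    any port.  So 'http://real.example@scam.example/' resolves to scam.example,
    while an '@' that appears after the first '/' is just ordinary path text.
    """
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host found in {url!r} (missing scheme?)")
    # lower-case and strip a trailing dot so comparisons are on whole labels
    return host.lower().rstrip(".")


def is_under_domain(host: str, domain: str) -> bool:
    """True only if `host` equals `domain` or sits directly beneath it.

    The suffix check must be on whole labels: 'a.msn.com' passes, but
    'msn.com.scammer.example', 'msn.com-login.example' and 'notmsn.com' do not.
    """
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def classify(url: str, expected_domain: str) -> str:
    """Return 'ok' or a 'SUSPICIOUS host=<host>' verdict for one link."""
    host = true_host(url)
    if is_under_domain(host, expected_domain):
        return "ok"
    return f"SUSPICIOUS host={host}"


# Constructed samples (hypothetical links, not taken from any real mail).
SAMPLE_LINKS = {
    # a genuine subdomain of the expected domain
    "http://accountservices.msn.com/reset?id=1": "msn.com",
    # familiar domain hidden as a prefix of a completely different domain
    "http://trustme.msn.com.fishing4u.example/reset": "msn.com",
    "http://citibusiness.citibank.com.8marnad.example/businessdir/": "citibank.com",
    # typo-squat: a different registrable domain altogether
    "http://www.bankofamerca.example/accounts/login.aspx": "bankofamerica.example",
    # '@' inside the authority: everything before it is user-info, not the host
    "http://login.bank.example@scam.example/phish.asp": "bank.example",
    # '@' after the first '/': it is part of the path, host is unchanged
    "http://login.bank.example/secure/login.asp@scam.example/phish.asp": "bank.example",
}


def audit(links: dict[str, str] = SAMPLE_LINKS) -> dict[str, str]:
    """Classify every link against the domain the message claims; returns {url: verdict}."""
    return {url: classify(url, domain) for url, domain in links.items()}


if __name__ == "__main__":
    for url, verdict in audit().items():
        print(f"{verdict:45} {url}")
```

The verdict is only about the hostname the browser will reach: a link that passes can still be a legitimate host under attack (the “someone is requesting resets on your account” reading above), and a host that fails is simply not the site the text pretends it is, which is exactly what the mouseover comparison earlier in the thread is meant to reveal.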

The privacy addy makes no sense: http: //g.msn.fr/2privacy/frfr.

I just went into WindowsLive and pulled up the privacy info and it comes up under microsoft, not MSN. I would be wary, especially since you did not request the password change and since you’ve received it multiple times.

But then again I’m very suspicious about that stuff.

Whether or not this is legit, I wouldn’t put it past a phisher to put in the cut and paste advisory expecting that some large percentage of their prey, getting confident, would click the link anyway. Saving the mail as text might be interesting, and let you see what is really going on.

The one I got when I reset my password is as follows:

http://g.msn.com/2privacy/enus

The OP’s link looks legit to me.