Another year, another sea of phish. And such scams — called phishing, where scammers steal your personal and/or financial data by pretending in an email that they are your bank/credit card company etc — aren’t just about money. Here’s one I got this morning from ‘Microsoft’:
Dear Registered Microsoft User,
Due to validation issues with your Product Key for your Windows OS Platform, we need you to validate your information so we can insure nobody else is using your product key. Each computer must have a unique Product Key, this problem usually happins if you install Windows twice on the same machine and use the same product key.
We need you to verify your information so we can send you a New Product Key VIA USPS. This also includes a information packet including ways to secure your Windows Platform from malicious hackers. Your reply is needed so you can continue to receive updates from Microsoft and always be up to date with the newest Service Packs. Please follow the directions below to complete the process.
1. Click Here to be redirected to Microsoft Secure Server
2. Fill all the required fields and press “Continue”.
3. Insure your information is correct, and then fill in the required fields and press “Submit’.
4. Please print the final page to keep reference to.
5. Your done! Please except the package in 4 to 6 weeks.
Please do not reply to this e-mail confirmation. It was sent to you through an automated system that is not monitored. If you have additional questions, you can call Microsoft Customer Service Monday through Friday, 8 A.M. to 10 P.M. (Eastern Time), at (888) 218-5617 (toll-free in the United States).
Microsoft highly recommends that users with Internet access update their Microsoft software to protect against viruses and security vulnerabilities. The easiest way to do this is to visit the following website: http://www.microsoft.com/protect
The ‘Click Here’ link goes to a website called http://badkeymicrosoft.ch which doesn’t look to be too well hidden. But I’ve passed the email on to Daniel McNamara over at Codefish Spamwatch who says it’s a new trick he hasn’t seen before, and although the URL is visible in my email program some (read: snazzier) email programs might do a better job of hiding it.
So what do scammers want with your Microsoft profile? Not a lot, probably: Daniel reckons they’re after your bank account numbers, address etc. He says the site is down now, probably after complaints to the company hosting it, but that such sites only need a few hours to do their work, catching a few people unawares.