Suspicious E-mail To Reset My Windows Live Password

Discussion in 'Computer Security' started by RTMAN, Dec 9, 2007.

  1. <responded inline...>
    Why? What are they going to do? Shut down the Internet?
    Okay. That's good.
    Also fine.
    Who's doing that? This whole discussion is about a spammer/phisher... Not
    Microsoft. I agree - the spammer/phisher who sends out email (any email)
    should be stopped. It's just a new and easier method of junk mail in your
    physical postal mailbox.
    I'm sure there are spammers/phishers working those angles too.

    I believe you have misinterpretted the email as being a legitimate one and
    missed that it is a scam/sham/phishing attempt in order to get information
    out of you using fear/ignorance.

    It's not.

    If you want to send microsoft an email about a problem you are having or
    something you believe is a priovacy concern for you that seems to involve
    them - I suggest:

    https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1310&showpage=1&ws=1prcen

    Be sure to include the headers from the email in question so they can more
    easily trace it back to its source.

    Need to know how to view the headers?
    http://email.about.com/sitesearch.htm?terms=headers&SUName=email&TopNode=99

    That may help.
     
    Shenan Stanley, Sep 27, 2008
    #21
    1. Advertisements

  2. RTMAN

    Accidntl Guest

    Within a couple days of using my hotmail account at work (something I seldom
    do)I received the famous "Reset your ...". I'm pretty sure I had checked
    the box to not remember my pw for that computer. So, unfortunately, my
    suspicion is that someone in our small office is trying to login to my
    account. The second, but more serious, possibility is that they gained
    access to my account (filled with years of transaction data).
    My guess is, though, that they did not gain access, but instead are trying
    to reset the pw so that they can.

    My response was to ignore the request form Windows live hotmail and actually
    reset my password from my home computer to a new password.

    About 6 hours after doing that I received the "Reset your Windows Live
    password ..." again.

    I always login via pw to hotmail (even on my home computer).
    I will ignore this most recent "Reset your ..." just to see if my new
    password is rejected.

    If my current pw change request (the one I initiated) is rejected because I
    do not follow thru with the confirmation e-mail instructions - then I will
    change it again and follow thru with the next set of instructions (doing the
    copy and paste into address bar).
     
    Accidntl, Oct 4, 2008
    #22
    1. Advertisements

  3. I believe you are reading into coincidence.

    You happen to use your Hotmail in one place and think about using it there
    as being different than the norm. You happened - at about the same time -
    to get the phishing email. You changed your password in the safest manner
    you could think of - feeling nervous about the whole situation - and you got
    another email.

    My bet is that if you did nothing - you would continue to receive these
    emails and you would continue to be able to logon just fine.

    It's like the people calling you on the phone about a low-interest rate on
    your Visa or Mastercard (answer and ask them which one of your cards it is -
    refusing to give them any other information - as it is fun to frustrate
    them.) Or the people calling you about extending your car warranty (anwer
    these too - ask them which car. The answer will probably be "a vehicle
    purchased between 1995 and 2007"... That's useful (not). Remember - give
    them no information. Or the mail you get in your actual mailbox to call in
    for this or that sweepstakes. It's all basically the same BS. ;-)
     
    Shenan Stanley, Oct 4, 2008
    #23
  4. RTMAN

    mamac Guest

    I also have been receiving this email in my hotmail account and after a
    while it started coming to my backup email. So I contacted them
    directly and this is their reply:

    Hello,



    Thank you for your message to MSN and Windows Live Privacy.



    I understand that you are frequently receiving e-mails saying you have
    requested to reset the password. I know how important it is for you to
    find the authenticity of the received e-mails.



    The message you received is a ?phishing? attempt. Do not reply to the
    e-mail and delete it immediately. Phishing is a type of deception
    designed to steal your money or your identity, by tricking you into
    disclosing information like credit card numbers, passwords, or other
    confidential personal information. Online scam artists do this by
    sending fake e-mail that appears to come from a source you would
    normally trust ? like your bank or credit-card company and Microsoft.



    As a general online practice, we strongly recommend that you do not
    respond to requests for personal information via e-mail.



    You may want to go through the following web link, which explains the
    various types of phishing e-mails that are prevailing in the Internet at
    present:

    http://emailsupport.spaces.live.com/default.aspx



    For more information on Phishing and ways to help protect your personal
    information, visit the following web links:



    Page Title: ?Recognize phishing scams and fraudulent e-mail?

    http://www.microsoft.com/protect/yourself/phishing/identify.mspx



    Page Title: ?Phishing Filter: Help protect yourself from online scams?

    http://www.microsoft.com/protect/products/yourself/phishingfilter.mspx




    We appreciate your effort in bringing this to our attention. I
    appreciate your patience.



    Sincerely,



    Sujith

    MSN and Windows Live Privacy
     
    mamac, Dec 20, 2008
    #24
  5. RTMAN

    Erco Guest

    Reset your Windows Live passwordâ€
    From: Microsoft Customer Support ()
    Sent: Tuesday, February 03, 2009 6:01:21 PM
    To: ********@hotmail.com

    Hello, ***********@hotmail.com: We received your request to reset your
    Windows Live password. To confirm your request and reset your password,
    follow the instructions below. Confirming your request helps prevent
    unauthorized access to your account. If you didn't request that your password
    be reset, please follow the instructions below to cancel your request.
    CONFIRM REQUEST AND RESET PASSWORD 1. Copy the following web address:
    https://accountservices.msn.com/EmailPage.srf?emailid=cda77826af4d1709&ed=BwFRLE4ArZt07kmpgTvs8I8/VOvJTvf5zDRG6pWMpVXeXoPc6ApOhuoEV2F6&lc=1033&urlnum=0
    IMPORTANT: Because fraudulent ("phishing") e-mail often uses misleading
    links, Microsoft recommends that you do not click links in e-mail, but
    instead copy and paste them into your browsers, as described above. 2. Open
    your web browser, paste the link in the address bar, and then press ENTER. 3.
    Follow the instructions on the web page that opens. CANCEL PASSWORD RESET 1.
    Copy the following web address.
    https://accountservices.msn.com/EmailPage.srf?emailid=cda77826af4d1709&ed=BwFRLE4ArZt07kmpgTvs8I8/VOvJTvf5zDRG6pWMpVXeXoPc6ApOhuoEV2F6&lc=1033&urlnum=1
    IMPORTANT: Because fraudulent ("phishing") e-mail often uses misleading
    links, Microsoft recommends that you do not click links in e-mail, but
    instead copy and paste them into your browsers, as described above. 2. Open
    your web browser, paste the link in the address bar, and then press ENTER. 3.
    Follow the instructions on the web page that opens. OTHER INFORMATION
    Windows Live is committed to protecting your privacy. We encourage you to
    review our privacy statement Privacy Statement at
    http://g.msn.com/2privacy/enus. For more information, go to the Windows Live
    Account site at https://account.live.com. Thank you, Microsoft Customer
    Support NOTE: Please do not reply to this message, which was sent from an
    unmonitored e-mail address. Mail sent to this address cannot be answered.

    {0}
    Mark as read

    Mark as unread

    Delete

    Junk

    Not junk

    Print

    View message source

    © 2009 Microsoft Privacy Legal Help Central Account Feedback

    What is that message i do not want to restart my password? so ? this is
    coming every day.. Please help me Ä° do it phishing scam. but stil coming.
     
    Erco, Feb 3, 2009
    #25
  6. RTMAN

    nuurto Guest

     
    nuurto, Jul 1, 2009
    #26
  7. RTMAN

    nuurto Guest

     
    nuurto, Jul 1, 2009
    #27
  8. RTMAN

    nuurto Guest

     
    nuurto, Jul 1, 2009
    #28
  9. RTMAN

    nuurto Guest

     
    nuurto, Jul 1, 2009
    #29
  10. RTMAN

    nuurto Guest

     
    nuurto, Jul 1, 2009
    #30
  11. RTMAN

    Peter Foldes Guest

    You jumped on to a 3yr old post. Get a life
     
    Peter Foldes, Jul 2, 2009
    #31
  12. RTMAN

    Thiago Guest

    Return-Path: <>
    Received: from sumeria2.bol.com.br (sumeria2.srv.intranet [172.27.64.63])
    by suntzu6-b with LMTPA;
    Sat, 25 Jul 2009 14:14:28 -0300
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by selva12.bol.com.br (Postfix) with ESMTP id 9D87416E
    for <>; Sat, 25 Jul 2009 14:14:28 -0300 (BRT)
    X-UOL-T: -42
    Received: from servera02.blusmtp4.msn.com (servera02.blusmtp.msn.com
    [65.55.238.141])
    by selva12.bol.com.br (Postfix) with ESMTP id 41A2D18D
    for <>; Sat, 25 Jul 2009 14:14:28 -0300 (BRT)
    Received: from BAYIDSBAT01 ([65.54.254.103]) by servera02.blusmtp4.msn.com
    with Microsoft SMTPSVC(6.0.3790.3959);
    Sat, 25 Jul 2009 13:14:26 -0400
    Date: Sat, 25 Jul 2009 10:14:19 -0700
    From: Atendimento ao Cliente Microsoft <>
    Subject: Redefina sua senha do Windows Live
    To: <>
    X-Priority: 3
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset="Windows-1252"
    Message-Id: <>
    X-SIG5: d972197d685ea6c4621a555e42eb8801
    Content-Transfer-Encoding: quoted-printable


    Ol=E1, :

    Recebemos sua solicita=E7=E3o para redefinir sua senha do Windows Live. P=
    ara confirmar a solicita=E7=E3o e redefinir a senha, siga as instru=E7=F5=
    es abaixo. A confirma=E7=E3o da solicita=E7=E3o ajuda a evitar o acesso n=
    =E3o autorizado =E0 sua conta.

    Se voc=EA n=E3o solicitou a redefini=E7=E3o da senha, siga as instru=E7=F5=
    es abaixo para cancelar a solicita=E7=E3o.


    CONFIRMAR A SOLICITA=C7=C3O E REDEFINIR A SENHA

    1. Copie o seguinte endere=E7o da Web:

    https://accountservices.msn.com/EmailPage.srf?emailid=3Dc6a5921a03dec013&=
    ed=3DB4OlYzWWc/mwLXnsOABsN3ksROcDxyBX0hHZUeb0mFBoWYAWb7KHEWAMxM80kmUD39c6=
    poc%3D&lc=3D1046&urlnum=3D0

    IMPORTANTE: como emails fraudulentos (phishing) em geral usam links falso=
    s, a Microsoft recomenda que voc=EA n=E3o clique em links de email, mas, =
    em vez disso, copie e cole os links no navegador, conforme descrito acima=
    ..

    2. Abra seu navegador da Web, cole o link na barra de endere=E7os e press=
    ione ENTER.

    3. Siga as instru=E7=F5es na p=E1gina da Web que =E9 exibida.


    CANCELAR A REDEFINI=C7=C3O DE SENHA

    1. Copie o endere=E7o da Web a seguir.

    https://accountservices.msn.com/EmailPage.srf?emailid=3Dc6a5921a03dec013&=
    ed=3DB4OlYzWWc/mwLXnsOABsN3ksROcDxyBX0hHZUeb0mFBoWYAWb7KHEWAMxM80kmUD39c6=
    poc%3D&lc=3D1046&urlnum=3D1

    IMPORTANTE: como emails fraudulentos (phishing) em geral usam links falso=
    s, a Microsoft recomenda que voc=EA n=E3o clique em links de email, mas, =
    em vez disso, copie e cole os links no navegador, conforme descrito acima=
    ..

    2. Abra seu navegador da Web, cole o link na barra de endere=E7os e press=
    ione ENTER.

    3. Siga as instru=E7=F5es na p=E1gina da Web que =E9 exibida.


    OUTRAS INFORMA=C7=D5ES

    O Windows Live tem o compromisso de proteger a sua privacidade. Recomenda=
    mos que voc=EA leia nossa Declara=E7=E3o de Privacidade em http://g.msn.c=
    om.br/2privacy/ptbr.

    Para obter mais informa=E7=F5es, v=E1 para o site Windows Live Account em=
    https://account.live.com.


    Obrigado,

    Atendimento ao Cliente Microsoft

    OBSERVA=C7=C3O: n=E3o responda a esta mensagem. Ela foi enviada de um end=
    ere=E7o de email n=E3o monitorado. Os emails enviados a este endere=E7o n=
    =E3o poder=E3o ser respondidos.
     
    Thiago, Jul 25, 2009
    #32
  13. I just received a similar email in two linked live email accounts, minutes
    after I had sent emails to some ebay sellers asking for information about the
    items they had for sale. The two links to accept or cancel the change
    password request are identical, and it looks like the links email the page
    somewhere after you fill it out. My guess is that the page asks for your
    current password and then emails it to the crooks.

    If you want to change your password you just do it. You don't send in a
    request to microsoft and they sure don't send you a questionaire about it.
     
    perfectionality, Sep 8, 2009
    #33
  14. RTMAN

    Canuck Danni Guest

    Hey guys, I got the same message this is the 3rd time now, the only thing
    that worries me is that it was also sent to my gmail account. I couldn't
    figure out why. It's really worrying me.

    Any thoughts?
     
    Canuck Danni, Sep 23, 2009
    #34
  15. RTMAN

    Kumchan Guest

    Yes, I have had this email quite a few times now, and I dont seem to trust it
    as it's saying youremailadress@live/hotmail.com and not your name set to this
    address for exmaple:
    "
    Hello John

    etc etc
    "

    Usually scammers use this like Dear Paypal CUSTOMER and not the user's name.
    this is quite confusing and it's bugging me.
     
    Kumchan, Oct 11, 2009
    #35
  16. RTMAN

    Tanya Guest

    I also received this email and i am very suspicious
     
    Tanya, Jan 14, 2010
    #36
  17. RTMAN

    MEB Guest

    When/if you receive this type of mail, you should check the actual
    header [view source or otherwise] and look for the sending and return
    addresses and other included. It is best to use work off-line AND
    disconnect your network/Internet connection if you are using an email
    program rather than the web interface.

    If you *do not* respond, the password will NOT be reset, so don't
    respond [unless the account is already hacked, then start your own
    *support ticket* AND make sure to contact Live/Hotmail *directly*].
    Make notes or save the email and direct to the proper authorities.

    However,

    It is quite common to receive this message or similar from either a
    @live, @hotmail, @gmail, @yahoo, or other account from a fraudulent user
    who has setup some faked support or purportedly authoritative account.
    Sometimes you will find something like this:

    Return-Path: {something}@umail.hinet.net
    and contained in the body, you find a click-enabled link WITH the re-direct:
    <a href=the-scumbag-desired-address>Windows Live Support</a>
    or some other form of a re-directed address with maybe a legitimate NAME
    AND actual contents from a once legitimate Live email [or so by
    appearance], however, it includes re-directed click-enabled links and
    noticeable return path.

    and/or

    X-SID-PRA: Windows Live Team <{>
    Return-Path:
    [looking at the bounced around posting agents/mailers, though it may
    come directly from msn, hotmail, live, or other fake support account]
    X-Originating-IP: [xxx.xxx.xxx.xxx] - not really where its from if
    bounced or faked OR, again, it MAY come directly from a faked
    Live/Hotmail support
    *some faked support authority with an actual account to collect the
    information*
    Reply-To: <> {something that may *look*
    legitimate}
    From: Windows Live Team <>
    Subject: Window Live Hotmail! Warning! Verify Your Account Now To Avoid
    Closure (VX2G99AAJ ) !!!
    or similar, all attempting to get your attention and cause you to respond.

    and/or

    Reply-To: <>
    From: =?Windows-1252?Q?Windows_Live=99_TEAM?=
    <>
    To: =?Windows-1252?Q?Windows_Live=99_TEAM?= <>

    and/or

    Using some or all of the above or similar, the message may ALSO contain
    legitimate looking Microsoft graphics and links, however, the graphics
    or other, may contain exploits and/or are pulled/loaded from sites which
    collect IP and other information, and these or other coding may inject
    [or attempt to] other malware into your system using XSS or other
    methods. You MAY also be subjected to CSRF/XSRF.


    The short: *NEVER* "respond" to the mail or use the links provided. You
    should NEVER view any mail but from ABSOLUTELY trusted sources in
    anything but text. Just remember those supposed trusted accounts may
    have been compromised, so they may not be trustworthy, or the party may
    send you some malware inclusive email, so it is best to always use text
    only. IF you want to view an html style then do so on a *per need and
    trust* basis.

    IF you are concerned [and you should be as this is becoming quite a
    sophisticated attack method constantly being adjusted to avoid the
    present fixes, protections, warnings, and work-arounds]:

    *FIRST* shut-down your email program and check your system for malware
    by a FULL scan, do NOT expect your "on-access/online" protections
    protected you or rely upon those supposed protections. Clean-up any temp
    folders and whatever other methods you use to protect your computer.
    Make sure you have updated your anti-malware programs.

    Re-start the computer and re-scan.

    Then do a https [secured] login to your account via the Web interface,
    and check and change your password and key phrase.
    Logout and shut down the browser.
    Start your email program [allowing a couple minutes before attempting]
    and make whatever changes necessary in your email program; which should
    have error out when attempting to access the account if configured to
    check for mail at startup.

    ---

    *IF* you are using the account already logged into the Web interface
    [not via your mail reader] and read the message online [when you have
    ALREADY verified by the sign-in/login] and have to rely upon that interface:
    logout;
    shut down your browser and clean the temp files;
    re-start the computer;
    scan for malware and cleanup the temp files;
    log back into the account using https;
    go immediately to account settings and reset password and phrase.
    Logout and shut down your browser;
    Login in again using the new password [and save the new password if
    that's what you do though not recommended].
    Make whatever changes are necessary in your email program.

    REFERENCE concerning the potential exploit, and legitimate usage:

    Windows Live Hotmail Postmaster Services
    http://postmaster.msn.com/

    http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.vc.mfc&tid=956f8d84-0e66-4eb7-9451-3aadf49ee500&p=1

    And you can search for other similar issues and: phishing, scams,
    exploits, Live mail hacked, and other like contact/email issues.

    --
    MEB
    http://peoplescounsel.org/ref/windows-main.htm
    Windows Info, Diagnostics, Security, Networking
    http://peoplescounsel.org
    The "real world" of Law, Justice, and Government
    ___---
     
    MEB, Jan 14, 2010
    #37
  18. RTMAN

    Luiz Guest

    I have received exact the same email
     
    Luiz, Apr 19, 2010
    #38
  19. RTMAN

    Tom Willett Guest

    Bully for you.

    :I have received exact the same email
    :
    : "RTMAN" wrote:
    :
    : > I received the following e-mail which is very suspicious since I never
    : > requested to change my password. I am afraid to follow the instructions
    to
    : > cancel the request not knowing who sent this and not wanting to provide
    any
    : > information that can be used wrongly. Is there any way to tell if this
    is
    : > legitimate?
    : > (I purposely x'd out my e-mail address.)
    : >
    : > Reset your Windows Live password?
    : > From: Microsoft Customer Support ()
    : > Sent: Sat 12/08/07 6:39 PM
    : >
    : > Hello, : We received your request to reset your
    : > Windows Live password. To confirm your request and reset your password,
    : > follow the instructions below. Confirming your request helps prevent
    : > unauthorized access to your account. If you didn't request that your
    password
    : > be reset, please follow the instructions below to cancel your request.
    : > CONFIRM REQUEST AND RESET PASSWORD
    : > 1. Copy the following web address:
    : >
    https://accountservices.msn.com/EmailPage.srf?emailid=db460525dce17b44&ed=B8JguPlbiq9iSoS7jYr8r9pQgtrLUG/892o7eBI55S3acxhpFhgJjpy2dMus&lc=1033&urlnum=0
    : > IMPORTANT: Because fraudulent ("phishing") e-mail often uses misleading
    : > links, Microsoft recommends that you do not click links in e-mail, but
    : > instead copy and paste them into your browsers, as described above.
    : > 2. Open your web browser, paste the link in the address bar, and then
    press
    : > ENTER.
    : > 3. Follow the instructions on the web page that opens.
    : > CANCEL PASSWORD RESET
    : > 1. Copy the following web address.
    : >
    https://accountservices.msn.com/EmailPage.srf?emailid=db460525dce17b44&ed=B8JguPlbiq9iSoS7jYr8r9pQgtrLUG/892o7eBI55S3acxhpFhgJjpy2dMus&lc=1033&urlnum=1
    : > IMPORTANT: Because fraudulent ("phishing") e-mail often uses misleading
    : > links, Microsoft recommends that you do not click links in e-mail, but
    : > instead copy and paste them into your browsers, as described above.
    : > 2. Open your web browser, paste the link in the address bar, and then
    press
    : > ENTER.
    : > 3. Follow the instructions on the web page that opens. OTHER
    INFORMATION
    : > Windows Live is committed to protecting your privacy. We encourage you
    to
    : > review our privacy statement Privacy Statement at
    : > http://g.msn.com/2privacy/enus. For more information, go to the Windows
    Live
    : > Account site at https://account.live.com. Thank you, Microsoft Customer
    : > Support NOTE: Please do not reply to this message, which was sent from
    an
    : > unmonitored e-mail address. Mail sent to this address cannot be
    answered.
    : >
     
    Tom Willett, Apr 19, 2010
    #39
  20. That is impossible.

     
    FromTheRafters, Apr 19, 2010
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.