In the last few weeks, I've noticed an increase in phishing and email fraud, as I noted a few days ago in my post "The new year rings in another bonus: a rise in bogus electronic greeting cards." (More on what a phishing scam looks like is available here on Microsoft.com.) Although one Microsoft study notes that phishing isn’t as profitable as originally thought, we still see it rampant on web pages and in unsolicited emails.
As my associate Neil Holloway said, "Phishing is a crime. It undermines consumers' trust in the Internet and is an impediment to European policy-makers' and industries' efforts to boost citizens' use of innovative and valuable Internet services."
And consumers are a significant target for these types of attacks, as my friend Adrienne Hall (in the Trustworthy Computing group) said to SecurityFocus: "For the broad swath of the consumer public, the attacks are fairly more simplistic, and yet, they are luring so many people, that they are still the largest threats."
Well, today on the Microsoft section of getsatisfaction.com I saw this question on bogus Microsoft lottery winner notifications with customer Horváth asking…
"It is True?"
Let's take a look (phone # redacted):
Your Reference No: WA6FI-L/200-26937
Your Batch No: 20089SEPTL#22
OFFICIAL WINNING NOTIFICATION.
We are pleased to inform you of the release of the long awaited results of Sweepstakes promotion organized by Microsoft, in conjunction with the foundation for the promotion of software products, (F.P.S.) held this January 2009, in Espana. Where in your email address emerged as one of the online Winning emails in the 2nd category and therefore attracted a cash award of 1,000,000.00 Euros (One Million Euros).
To begin your claim, do file for the release of your winning by contacting our Foreign Service Manager:
Dr. Pedro Marios Ruben.
Internet Fax: +1-831-###-####
The Microsoft Internet E-mail lottery Awards is sponsored by our CEO/Chairman, Bill Gates and a consortium of software promotion companies. The Intel Group, Toshiba, Dell Computers and other International Companies. The Microsoft internet E-mail draw is held periodically and is organized to encourage the use of the Internet and promote computer literacy worldwide.
Mrs. Anna Marisa.
Reminds me of the famous line: "one million dollars…"
Equally believable (not), emails such as this one are likely fraudulent communications, commonly referred to as "phishing" emails. We believe that the email is fraudulent and recommend that you do not respond. We take these reports very seriously, and I forwarded this report to our security team.
This on the infamous Microsoft Lottery…
"You have won the lottery."
The lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies, such as Microsoft. There is no Microsoft lottery.
For more information on how to protect yourself from fraudulent emails, please see Microsoft's Anti-Phishing Site, and my posts on "Phishing: Don't get caught" and "FYI: new scams featuring the IRS logo to get your PII."
Other related links and resources…
- Get Internet Explorer 8 (updated 040510)
- Phishing Filter: Help protect yourself from online scams
- How to handle suspicious e-mail
- What to do if you've responded to a phishing scam
Tip from the Microsoft Anti-Phishing site: To see updated examples of popular phishing scams or to report a possible phishing scam, visit the Anti-Phishing Working Group Archive.