OFFICIAL SECURITY BLOG
February 26, 2014 | BY Christopher Boyd
You may have survived the Great Hotmail to Outlook changeover of 2013, but be advised there are emails doing the rounds which want to cause a Hotmail handover of their own.
From the spam traps:
The email reads as follows:
All Hotmail customers have been upgraded to Outlook.com. Your Hotmail Account services has expired.
Due to our new system upgrade to Outlook. In order for it to remain active follow the link Sign in Re-activate your account to Outlook. account.live.com
The Microsoft account team
Clicking the link won’t immediately take potential victims to the phish, because the people behind the email managed to slightly bork the clickable link, and by “slightly bork” I mean “completely destroy”:
http://%20%20%20http// [rest of URL goes here]
This is what the eager link clicker will see – note the space after the “www”, which is what all that “%20%20” stuff means:
If they’re determined to reach the “reactivation page”, they’ll then close up that space in the web address. Of course, should they do that…
…they’ll find they arrive on a website entirely unrelated to anything they happen to be doing. The actual location of where our overly hopeful mail sender wanted victims to land would be here:
The URL the above page is hosted on appears to be a Sake website, so it’s quite possible they’ve been compromised and had the “Outlook” page placed there without permission.
For the time being, any Hotmail accounts you have will still function as normal – the only real difference is that you’re still using the Outlook URL to sign in.
Some additional good news with this one (in addition to the wonderful news that the people sending this mail can’t insert web addresses correctly) is that Outlook itself flags the message as spam and deposits it in the spam folder.
You’d really have to try hard to catch yourself out with this mail, but stranger things have happened. Don’t fall for it!
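A mail filter can pick this message out by the same defects described above. The following is an added example, not code from the original post: it flags links whose host contains encoded whitespace, that embed a second scheme, or whose visible text names a different domain than the href. The function names are hypothetical and `phish.example` is a constructed placeholder for the elided part of the URL.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Link text that is itself a bare domain, e.g. "account.live.com"
DOMAIN_TEXT = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})/?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    """Return the reasons a link looks malformed or deceptive (empty list if none)."""
    reasons = []
    parts = urlsplit(href)
    raw_host = unquote(parts.hostname or "")  # decode %20 so encoded spaces show up
    if re.search(r"\s", raw_host):
        reasons.append("whitespace in host")
    # Query string is excluded so ordinary redirect parameters are not flagged here.
    if re.search(r"https?:?//", parts.netloc + parts.path, re.I):
        reasons.append("second scheme inside URL")
    host = raw_host.strip()
    shown = DOMAIN_TEXT.match(text)
    if shown:
        name = shown.group(1).lower()
        if host != name and not host.endswith("." + name):
            reasons.append(f"text shows {name}, href host is {host!r}")
    return reasons

def scan_html(body):
    """Map each flagged href in an HTML mail body to its list of reasons."""
    collector = LinkCollector()
    collector.feed(body)
    checked = {href: check_link(href, text) for href, text in collector.links}
    return {href: why for href, why in checked.items() if why}

# Constructed sample: one link shaped like the broken one above, one well-formed link.
SAMPLE = ('<p>Sign in <a href="http://%20%20%20http//phish.example/outlook/">'
          'account.live.com</a> or <a href="https://account.live.com/">account.live.com</a></p>')
```

Calling `scan_html(SAMPLE)` returns only the malformed link, with all three reasons attached; the well-formed `account.live.com` link passes.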