Microsoft: Phishing Attack?

Ralph DeFrangesco

Microsoft recently issued several messages to Windows Live Messenger (MSN) users that could easily have been mistaken for a phishing attack. I know, because I received one. The messages asked users to change their credentials, and to confirm other information, in order to keep using the service. If you didn't, your e-mail would be discontinued by a certain date.

 

Microsoft said on its blog that the messages were sent out in error and that users should continue using their e-mail accounts. It apologized and said it would review its processes to avoid mistakes like this in the future.

 

Remember, a phishing attack is a social engineering attack. Social engineering attacks are targeted at people, and people are the weakest link in the security chain.

 

I have several small clients that use Windows Live Messenger and were affected by this as well. I received e-mails asking what they should do. I instructed them not to do anything because I could not believe that Microsoft would do this on such a large scale for no apparent reason. However, if it had been a real phishing attack, I wonder how many people would have fallen for it just because it came (or appeared to come) from Microsoft?

 

As security professionals, we are constantly being tested. I am lucky that I have users that are very distrustful. That in itself is a challenge, but in this case a good one. Maybe that's the answer. Do we need to turn into a distrustful society?

