Microsoft: Phishing Attack?

Ralph DeFrangesco

Microsoft recently issued several messages to Windows Live Messenger (MSN) users that could easily have been mistaken for a phishing attack. I know, because I received one. The messages asked users to change their credentials and to confirm other information in order to keep using the service. If you didn't, your e-mail would be discontinued by a certain date.

 

Microsoft said on its blog that the messages were sent out in error and that users should continue using their e-mail accounts. It apologized and said it would review its processes to avoid mistakes like this in the future.

 

Remember, a phishing attack is a social engineering attack. Social engineering attacks are targeted at people, and people are the weakest link in the security chain.

 

I have several small clients that use Windows Live Messenger and were affected by this as well. I received e-mails asking what they should do. I instructed them not to do anything because I could not believe that Microsoft would do this on such a large scale for no apparent reason. However, if it had been a real phishing attack, I wonder how many people would have fallen for it just because it came (or appeared to come) from Microsoft.

 

As security professionals, we are constantly being tested. I am lucky that I have users that are very distrustful. That in itself is a challenge, but in this case a good one. Maybe that's the answer. Do we need to turn into a distrustful society?


