Microsoft: Phishing Attack?


Microsoft recently issued several messages to Windows Live Messenger (MSN) users that could easily have been mistaken for a phishing attack. I know, because I received one. The messages asked users to change their credentials and to confirm other information in order to keep using the service. If you didn't, your e-mail would be discontinued by a certain date.


Microsoft said on its blog that the messages were sent out in error and that users should continue using their e-mail accounts. It apologized and said it would review its processes to make sure it avoids mistakes like this in the future.


Remember, a phishing attack is a social engineering attack. Social engineering attacks are targeted at people, and people are the weakest link in the security chain.


I have several small clients that use Windows Live Messenger and were affected by this as well. I received e-mails asking what they should do. I instructed them not to do anything because I could not believe that Microsoft would do this on such a large scale for no apparent reason. However, if it had been a real phishing attack, I wonder how many people would have fallen for it just because it came (or appeared to come) from Microsoft?


As security professionals, we are constantly being tested. I am lucky that I have users that are very distrustful. That in itself is a challenge, but in this case a good one. Maybe that's the answer. Do we need to "turn into a distrustful society"?