Jan 282014

Outlook Prize Email body

This spam message is pretty confusing as the body of the email contains no actual text.  The only thing this email contains is an attachment, which at first thought was thinking this may be an infectious email.   Turns out the contents of the attachment are more phishing in nature.Outlook Contest Email Attachment

So I’ve won a contest, but then why am I receiving this attachment from someone using an assurant.com email address? Especially when this contest is apparently an Outlook & MSN Lottery INC sponsored contest?  The obvious answer is that this email address was compromised and is being used to send further phishing emails.  Even if the from address is from someone you know, emails like this are always fake.

Besides the email address it comes from you can look at the email it’s going to.  It’s an outlook.com address.  If you go to outlook.com you can see that you yourself can sign up for your own outlook.com address.

Now let’s add in the fact that this is apparently a Microsoft sponsored contest, for everyone on the internet.  Let me state that again.  This is a contest for everyone on the internet including those who use a competitive email provider.   That’s a pretty dumb marketing campaign right there, if you want to encourage people to use your system make it for your recipients only.  Beside that fact you expect us to believe that we won $800k?  For just being on the internet?  I know Microsoft likes to give away money, but it shouldn’t take much brain power to understand that is extremely unlikely.

So what does this email strive to obtain besides your personal information?  Well obviously the first thing it wants is your personal information and from there it could go a number of different ways.  They may continue with the whole contest winning until they either ask for money or ask for banking account information.  Another approach would be to take your personal information and use it to tailor future attacks against you that would have a better chance at succeeding.

That’s why you should never give your information to anyone, even if you believe in the longshot there is going to be an alternative motive.  When an attack becomes targeted it’s a lot harder to identify between something that is legitimate and something that is not.


 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>