Hoax Slayer's Brett M. Christensen is warning of a new spam campaign claiming to come from the "Microsoft Cyber-Crime Department" that asks recipients to validate their accounts by clicking on a link in the e-mail.
The spam e-mails read, in part, "As part of the security measures to secure all email users across the world, All email users are mandated to have their account details registered as requested by the Microsoft Cyber-crime Dept ( M C D ) . You are here by required to validate your account within 24 hours so as not to have your email account suspended and deleted from the world email server."
"The fact that it’s so poorly written clearly indicates that this is nothing more than a malicious scam that’s designed to steal the usernames and passwords of unsuspecting internauts," writes Softpedia's Eduard Kovacs.
"The phishers used the official logo of the Microsoft Digital Crimes Unit in order to lend the email an aura of legitimacy," writes Help Net Security's Zeljka Zorz. "Following the embedded email will take the victims to a page where they are asked to supply their email address, username and password. Unfortunately, the inputed information is sent directly to the phishers."
"Once they have collected the submitted information, the scammers can then use it to hijack the compromised email accounts and use them to steal further information and send out more scam and spam emails to the people in the account's address book," Hoax Slayer's Christensen writes.