Spoofed security warning from Microsoft

We all have seen spoofed e-mails at times. For IT professionals these are relatively easy to pinpoint. Some bad guys are educated, others are not so lucky. Here’s an example of a spoofed e-mail from not a very bright individual. As you can tell by some of the red highlights I’ve made, there are too many hints in this e-mail that this is not a legitimate e-mail from Microsoft.

First of all, notice that the entire message is centered. In your entire life, have you ever seen a message from Microsoft that was centered? Here are some other dead giveaways.

1. The word Microsoft is spelled MicroSoft in two places but Microsoft in the rest of the message.
2. The abbreviation MS is used in several places. Microsoft never uses the abbreviation MS in their official communication.
3. Web site is mentioned twice in this e-mail and spelled incorrectly both times. Microsoft (and often other leading publishers too) uses the term Web site, not website, or web site.

Unfortunately, an average user doesn’t pay that close attention to the e-mails and may be fooled just by the fact that it resembles a legitimate e-mail. I keep on reminding my friends that Microsoft will not contact you via e-mail to give you security warnings. I think my friends are finally catching up on that but even if 1% of people are fooled by the bad guys, it can cause significant damage.