Our IT Director shared a phishing email with me, noting how professional it looked. While professionals such as our IT Director would not be fooled by a phish like this, many people would be.

A picture of the body of the email is below. The “from” address would fool many people. The “to” address looks at least somewhat plausible as well.

The part that should tell you it is a phishing attack is where it asks for your username, password, date of birth, and country. Hotmail, Live, Yahoo, Google, MySpace, Twitter, PayPal, eBay, and other legitimate sites are not going to ask you to email them your password, or to go to a web page to input your password (other than to tell you to log into your account). Never follow a link in such an email.

As for asking for your username, if they have decided to shut down YOUR account, then they know your username, no?

There may be some very rare exceptions, but as a rule, there are only two types of people who ask you for your password: thieves and idiots. Never give out your passwords. If this one would have fooled you, then let this be a good lesson for you.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center – ESET LLC