View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Windows Live ID used as bait to steal personal info

Users have been asked not to click on any unknown links.

By CBR Staff Writer

Hackers have reportedly come up with a new scam that sees Windows Live ID being used as a trap to get personal information from services like Hotmail, Outlook, MSN, Messenger, Xbox LIVE, and Zune.

Hackers are sending warnings to user saying that unsolicited emails are being distributed through their Windows Live ID accounts, which could lead to blockage of their accounts.

Users are then advised to click on a link to prevent their Windows Live ID from being blocked.

The link redirects users to a fake Windows Live page where they are asked to update their details to fulfill the service’s new security requirements.

However, security experts from Kaspersky Lab found out that the link from the scam email redirected to the original Windows Live website.

Users received a curious prompt from Windows Live service after they authorised their account on the original site.

The prompt asks permission to automatically log into the account, and view profile information, personal and work email addresses and contact list of users.

Content from our partners
A hybrid strategy will help distributors execute a successful customer experience
Amalthea leverages AI and automation to improve yield while minimising waste and costs
How AI is unlocking valuable opportunities in the insurance industry

Hackers reportedly manipulated a security flaw in open protocol for authorisation, OAuth to get access to this technique.

Hackers might not get access to user’s login and password credentials but they can access to contacts nicknames and real names of users along with lists of appointments and important events.

Kaspersky has asked users to avoid clicking on any suspicious links received through email or in private messages.

The security company has also asked users to avoid giving access to personal data to unknown application, and to keep the antivirus software up to date.

Kaspersky Lab senior web content analyst Andrey Kostin said: "We’ve known about security flaws in the OAuth protocol for quite a while: in early 2014, a student from Singapore described possible ways of stealing user data after authentication.

"A scammer can use the information intercepted to create a detailed image of users, including information on what they do, who they meet and who their friends are, etc. This profile can then be used for criminal purposes."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.