I got the following email from internet5@microsoft-onlinesafety.com:


VIA EMAIL:

Date: 17 December 2008

URL address: http://-------.wiizdom.com/----/
Date of Activity: 17 December 2008

Dear Sir or Madam,

Microsoft Corporation has received information that the URL address, http://------.wiizdom.com/----/, which appears to be on servers under your control, is an illegitimate website that attempts to mimic or “spoof” a Microsoft site. The website is designed to look like an MSN Hotmail page and attempts to collect Sign-in and Password information of visitors. Based on our investigation it appears that the website is unauthorized and unrelated to Microsoft, and likely constitutes an improper attempt to obtain MSN Passport passwords of unsuspecting visitors.

We are asking that you investigate the website at issue and consider whether this activity is in violation of your terms of service. In order to protect innocent visitors to the site from being misled or injured, we request that you remove the pages located at http://-------.wiizdom.com/---/ from your service as soon as possible.

As you know, illegal on-line activities can cause 100 million Internet users to access fraudulent web sites worldwide - a highly damaging activity for the victims. In light of this, we have prepared the attached notice for you to post on the identified fraudulent site to warn other Internet users of the severity of Phishing activities. Alternatively, could you redirect visitors to the following web site http://www.digitalphishnet.org/beware.aspx.

If you have any questions, please contact us by replying to this email. We appreciate your prompt cooperation in this matter. Please advise us regarding what actions you take.



Yours sincerely,

Graeme Grant
Internet Investigator

on behalf of Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
United States of America

E-mail: internet1@microsoft-onlinesafety.com


I got an email almost exactly the same from my domain privacy site(domainsbyproxy). And I don't think it's spam becuase the page it links to is by one of my users and is an hotmail phishing site! What should I do?? Also it contains an attachment called index.html.

I'm abit stumped by this, personally I can't see why a a corporation like microsoft would go to an external host like nildram to host they're site. It's the whole WHOIS:

Microsoft Corporation
Domain Administrator
One Microsoft Way
Redmond
WA
98052
US
I say genuine tbh. It's not like a scam, its a informative email.

Nildram is a company in Bucks, that's where I live in the UK .. microsoft.com is registered with Tucows, why would they change their registrar to one on the other side of the world ??

It doesn't seem genuine to me ... if you're bothered ring microsoft ...

Also, the HTTP redirect page does not look like it was comissioned by microsoft in the slightest ...

I've searched a little and it seemed many other people have received an email like this one and all for legit reasons. But it does say "on behalf of".

Bit weird.
If anything the Datacenter would email me if there was a phishing scam on the server, your probably right in that its due to that user linking to something they dont like, If its legit at all that is.

What was on the link you've blurred out?

Did you check the headers of the email to see if it originated from Microsoft and not some email script someone else is hosting?

I think the main issue isn't whether the email is spam or not. What matters is if the email is accurate. Is your client/user hosting a phising site? If so, you need to take care of that first before worrying about the legitimacy of the email.

http://www.webhostingtalk.com/showthread.php?t=487936

wow thats strange. I hardly dought its from microsoft. I susspected phishing myself howver it could be someone pissed off of forgery and thinking there helping microsoft. weird and interesting (I'm subscribibing)

I've searched a little and it seemed many other people have received an email like this one and all for legit reasons. But it does say "on behalf of".
Another sort of emails like spanish lottery or paypal confirmation? :D

What was on the link you've blurred out?

A hotmail phishing site.

Perhaps it's legit then, maybe someone saw it and reported it to Microsoft.

I suspended the site as soon as I got the email.

I suspended the site as soon as I got the email.
Glad to hear that. Even though I am not sure whether this is legit, but it is good to see that somebody is notifying these abuses to hosting providers. :thumbsup

I would simply call Microsoft if you are that worried. They would probably use the Microsoft.com domain anyways if it was legit.

An email can be sent by anyone, I can send an email scoobydoo@google.com but doesn't mean I am anything to do with google.

If you can get the header please post it so we can see it, that gives all the info you need, IP, domain it was sent from, username, etc.