Microsoft going Phishing?

No, not really, but it was still pretty funny to see Thunderbird flag this past week’s Microsoft Student Ambassador newsletter as a scam. (See photo below, click for more detail.) One of the new features of Thunderbird 1.5 (currently in release candidate status), is that it will attempt to recognize emails that are scams, phishing attempts, etc. The MSA newsletter was flagged this past week (and I’m sure the other weeks would have been as well, had I been using Thunderbird to read them) because of the way that the author screwed up the links. (Or more likely, because of how Exchange server screwed them up)

All of the links in the email were doubly-redirected through mail.microsoft.com/exchweb/bin/redir.asp. If I understand correctly, this is intended to be used when *viewing* an email in Exchange server’s web client, so that you get some pretty “back to Exchange Web” or some such frame above the link you click on. At some point in the email composing process, though, all the links in the outgoing copy of the message were redirected as well, so that they bounce through mail.microsoft.com twice. For example, the email’s link to the Windows Embedded Student Challenge (www.windowschallenge.com) appeared like this in the letter: http://www.windowschallenge.com. Now on first glance that looks ok, but if you hover your mouse over it, you’ll note that the actual URL of that link is rather bizarre. If you click on it, you’ll note that it dead ends at Microsoft’s Exchange server login page. Uselessly, might I add. So because the text of the link named one URL, and the actual href (where your browser will go) of the link points to mail.microsoft.com instead, Thunderbird flagged it as a scam. (This is a common tactic of phishers… they’ll title a link “ebay.com/renew_your_membership_now_or_bad_things_will_happen” but set the href to something like “http://www.yousuckbecauseyouweredumbenoughtoclickonthislink.com/”, which will look like an ebay login page, but actually just steal your account info.)

The mistake wasn’t malicious on Microsoft’s behalf, but deceptive, nonetheless, and Thunderbird would have none of it:

One thought on “Microsoft going Phishing?

  1. Jon

    I see you’re trusting a pre-release product with your important e-mail. You’re a far braver person than I as I wouldn’t trust an alpha/beta program with my precious e-mails.

    Of course I’ve been using Firefox deerpark alpha since last may but that won’t delete messages from professors.

    It’s also intersting to see Microsoft sends out official e-mails that are formatted very similar to scams. You always thought the scammers were trying to trick you with crazy links. In reality they are just conforming to Microsoft’s template to blend in.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *