Attack of the Zombie Orkut Phishing Pages

Security Change Spam: “Your Hotmail Account Services Has Expired”

You may have survived the Great Hotmail to Outlook changeover of 2013, but be advised there are emails doing the rounds which want to cause a Hotmail handover of their own.

From the spam traps:

Hotmail changeover spam

The email reads as follows:

Security Change

Dear User,

All Hotmail customers have been upgraded to Your Hotmail Account services has expired.

Due to our new system upgrade to Outlook. In order for it to remain active follow the link Sign in Re-activate your account to Outlook.

Thanks, The Microsoft account team

Clicking the link won’t immediately take potential victims to the phish, because the people behind the email managed to slightly bork the clickable link, and by “slightly bork” I mean “completely destroy”:

http://%20%20%20http// [rest of URL goes here]


This is what the eager link clicker will see – note the space after the “www”, which is what all that “%20%20” stuff means:

Uh oh

If they’re determined to reach the “reactivation page”, they’ll then close up that space in the web address. Of course, should they do that…

This is not going well

…they’ll find they arrive on a website entirely unrelated to anything they happen to be doing. The actual location of where our overly hopeful mail sender wanted victims to land would be here:

Got there eventually...

The URL the above page is hosted on appears to be a Sake website, so it’s quite possible they’ve been compromised and had the “Outlook” page placed there without permission.

For the time being, any Hotmail accounts you have will still function as normal – the only real difference is that you’re still using the Outlook URL to sign in.

Some additional good news with this one (in addition to the wonderful news that the people sending this mail can’t insert web addresses correctly) is that Outlook itself flags the message as spam and deposits it in the spam folder.

You’d really have to try hard to catch yourself out with this mail, but stranger things have happened. Don’t fall for it!

Christopher Boyd


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.