Tickles me pink

[cwg]

I get a phishing scam, one of those "your account has been compromised, please visit this obviously blatant attempt to get your user-name and password so we can verify it blah blah".

It was interesting because the goofy fellow used a CGI-MAIL scri_pt to email him the successful results, so after finding that it was a hotmail account, I contacted abuse [at] hotmail and notified them of this.

I get:

Dear Customer,

My name is Kristel from Hotmail Abuse and I will be assisting you in recovering your username [at] hotmail.com account.

To keep the hacker out of your account and ensure your contacts safety at the same time, I have blocked access to your account. The block will stay in place until you recover your account through our account recovery website.

For the quickest resolution for your friends account, please inform your friend to visit this link http://windowslivehelp.com/passwordreset.aspx. From there, they can prove their account ownership, get a new password, and reactivate the account.

Please note that due to the nature of a hacked account and for your security, you need to pass the validation process for us to recover the account for you.

Please let me know if you have any questions.

Sincerely,

Kristel

Well, that works just as well.

[Farelf]

Hmm ... accidental competence or maybe Kristel (or her boss) is a closet/guerrilla anti-phishing activist? Anyway, well done - the continuing nightmare with these phishes is knowing the service provider (including Hotmail in the past) usually does absolutely nothing to cut off the flow of data to their miscreant user. This is a refreshing reversal of fortune.

Hotmail actually still confirms addresses as valid or invalid/inactive. See http://www.ipaddresslocation.org/email_loo...check-email.php (scroll down to the "Verify email address with our email checker" section, overwrite the "Enter email for testing" text with the address and hit the "Email Lookup" button - you then have to scroll back down again for the result). It might be interesting for you to confirm there is currently no "valid deliverable e-mail box address" for the address in question.