Xbox Live Rewards and Bing Phishing Email Analysis


Remember the other day when I mentioned a phishing email that was using the recent Microsoft-Skype deal to entice people to download malware?

Well now they are using the Xbox Live Rewards program and Bing to do the same thing.  Check out this email I received earlier.


Looks pretty official doesn’t it?  That image at the top is an actual picture that did appear on the Bing homepage plus Microsoft did begin an Xbox Live Rewards program last year and on top of that I am a member of that program.

Let me tell you that when this first hit my inbox I did not immediately react to it as a phishing attempt – I thought it might be for real.

A quick glance at the bottom half of the email showed me this:


That all looks pretty official as well.  Here is what that text says:

Open to residents Xbox LIVE Rewards members who are residents of the 50 United States (including District of Columbia) aged 18 years and older. Offer ends 5/31/11. See Terms and Conditions for details.
© 2011 Microsoft Corporation. All rights reserved. This site is hosted for Microsoft by ePrize, LLC. To learn more, please read our Privacy Statement. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

More pretty official looking stuff huh?

So what caused me to pause and take a closer look?  Two things.

One was the email address that it arrived addressed to.  It was one I use associated with a Microsoft site I have access to but it has nothing to do with Xbox Live Rewards and Bing.

The second thing was the links behind every hyperlink, picture, Twitter, Facebook and YouTube icon.  It was the same exact link for everyone one of them.  No matter what I clicked in this email it would have directed me to their phishing/malware site.

So even those of us who consider ourselves tech savvy can get caught up, at least for a brief moment, by the fancy work of these spammers.

Always take a second look at things before you click a link in this type of an email.  You will likely save yourself a lot of difficulty later.

Stay safe out there on the Internet.

5 thoughts on “Xbox Live Rewards and Bing Phishing Email Analysis

  1. Brock Collar May 17, 2011 at 6:33 AM -

    I think I also may have just fallen for this. I’ve changed my password for my Windows Live, and I’ve sent a message with the headers to Xbox Rewards (which SEEM to be legit) according to their website, EPrize is the group running it and the headers are as follows…

    (Headers Removed)

    Not sure.

    • Hey Brock – thanks for the info. I opted to not post the headers to the comments but appreciate your sending them to Xbox Rewards to find out what is happening with this. My confusion comes from the idea that all the images, links, etc. all go to the same website address. Why do it that way? Maybe for tracking clicks and things but in this day and age of security, protecting personal info, etc. I think that is a move that will cause people to not trust the info presented to them in the email.

  2. Ronnie and Homeslicd: I think changing passwords is the smart move just in case anything was compromised. @Ronnie I would try another browser to see if that works and maybe delete cookies for your FF to see if that clears up that site for access. @Homeslicd – if you signed into your Xbox Rewards account without clicking any links in the email than your login to the site should be OK.

  3. I actually got this today, and without thinking clicked it. I am already in the program so I’m not sure why I clicked it. Anyway I noticed I can no longer load the site in firefox. It works in other browsers but not that one now. It normally did. Basically what I’m asking is what do I do now that I’ve accidently clicked the link after already having an account? Will changing my password be enough?

  4. I just skimmed it not really noticing much and went ahead and signed it to my Xbox Live account and tried getting the points and the link was broken. I then went back and looked at the email and realized it looked pretty phishy. I changed my password, but is there anything else I should do?