SPAMI have yet received another reason why spammers are idiots.  Overall I have a huge distaste for what  they try to do, but occasionally I feel compelled to educate and share some of the work that they try to do.  The email below was received by my wife, and happily my wife's company email system did prevent this email from reaching her inbox directly.  The mail was delivered to her junk mail folder, where she periodically checks for false positives.  So she decided to forward it to me.

Here is the email for your holiday enjoyment (I did modify slightly to remove names and such):

MICROSOFT AWARD 2007
12/17/2007 09:30 PM
Subject:
Congratulations!!! You Are A Lucky Winner 2007

Please respond to xxxxxxxxx@yahoo.co.uk

MICROSOFT AWARD 2007
Microsoft Campus Thames
Valley Park Reading Berkshire
RG6 1WG UNITED KINGDOM.

Date: 18th Nov 2007.

(CSC) Claims Security Code: CSC-74162007-04-LV-UK

Finally, today we announce this year winners of the MICROSOFT E-MAIL AWARD held on 28th Oct 2007. This is an Electronic-Mail Award, in which email addresses were used.  You have been approved for lump sums pay out of $4,464,000.00 US in cash Credited to Claims Security Code Number CSC-74162007-04-LV-UK.

Contact your claims processor with the below information for more details and remittance of your won prize (MONEY) to you.

  1. Full Name
  2. Address
  3. Tel/Fax
  4. Age
  5. Occupation
  6. Claims Security Code

E-Mail: xxxxxxxxxxxx@yahoo.co.uk

Note: Do not reply this e-mail; you are to contact your claim processor immediately by email. Microsoft Electronic Mail Prize Award is approved and Licensed by the International Association of Gaming Regulators (IAGR.

Yours Sincerely

Microsoft Customer Support

Overall, the spam mad me laugh...out loud...a lot...as a matter of fact I think I am still giggling as I write this post.  :-)

This email could not have been a poorer example of phishing, if all spam could be this easy.  I am surprised that they did not come out and ask for her social security number directly.  What made me laugh so much was not that it was from my company, but more importantly the email you responded to was a yahoo account.  I mean are for real, at least I know (or at least hope) this person will have a short lived career as a spammer.   Considering that they do not seem to realize that yahoo and Microsoft are separate companies, and I am pretty sure we did not contract yahoo to do our customer support.

This email also reminded me of a great piece of work that Joe Stagner did a couple of years ago on phishing techniques, it is a great little screencast on phishing techniques: Phish and more Phish