I had seen a warning about this earlier today, but wouldn’t have fallen for it after even the briefest review:
First of all, all the links (including the one to Microsoft and all the credit card companies) link to the same scammy web address, which you can see in the final "For security your Credit Card information" line. Ingeniously, someone actually registered the domain name with which to scam the public into giving away their credit card information. You have to give them credit for that, although their nameservers are Yahoo, so it was only a matter of time before someone woke up over there and cut them off — the site is already down.
Secondly, the scam artist claims to be from Microsoft, yet gives a non-Microsoft email address and website. Yeah, right.
Thirdly, the grammatical errors are beyond laughable:
- "the up mentioned Credit Card companies"
- "The securing of your Credit Card will not take longer than 3 minutes, and can spare you of loosing your hard earned money"
- "Microsoft has sent this email in conformity with the law protected email program rules"
The email header included the following:
Received: from stonefive.com ([188.8.131.52]) by mx.google.com with ESMTP id 5si706804nzk.2007.12.18.17.17.02; Tue, 18 Dec 2007 17:17:03 -0800 (PST)
Received-SPF: neutral (google.com: 184.108.40.206 is neither permitted nor denied by best guess record for domain of email@example.com) client-ip=220.127.116.11;
Authentication-Results: mx.google.com; spf=neutral (google.com: 18.104.22.168 is neither permitted nor denied by best guess record for domain of firstname.lastname@example.org) email@example.com
Received: from ts1.albblaw.local ([22.214.171.124]) by stonefive.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 18 Dec 2007 17:35:45 -0700
From: "Microsoft" <firstname.lastname@example.org>
I’m not sure if that means that the stonefive.com SMTP server or the IP address 126.96.36.199 were hijacked for this purpose.