Microsoft employee: my identity was used in phishing attacks

Few can boast the dubious honor of being an unwitting participant in an Internet scam. Dick Craddock, who works for Microsoft's Hotmail team, can. The group program manager revealed how his personal information was purposefully integrated into phishing schemes.

Craddock unsurprisingly dislikes phishing in general. But when cyber crooks started employing his identity to fool Hotmail users, he was appalled. "I'm talking about the phishing scams that target Hotmail customers using my name, my picture, and even my signature," said Craddock, adding that such attempts elicit "a special level of disdain and disgust."

The problem started when Hotmail began including employees' names, pictures and signatures in legitimate e-mails, explained Craddock. The move was ostensibly to add a personal touch to otherwise mundane messages. "That decision has really come back to haunt me," he said.

Following the friendlier e-mails' debut, Craddock realized he had inadvertently handed cyber con-men a golden ticket.

"Almost immediately, the spammers copied that email, including my picture, name and signature, and modified the content so that it said something like 'Your account is about to be shut down unless you reply to this email with your account name and password,'" Craddock said.

Most people are well aware that companies tend not to brazenly request customers' passwords, but some aren't - or could easily be tricked. An e-mail featuring Bill Gates' face and signature, for example, may be less likely to set off warning bells than one from an obviously suspicious source lacking details.

"Phishing scammers know that they’ll get better response rates by using my pictures and my signature to produce email messages that look legitimate," he said. "They even translate their scams into multiple languages to broaden their reach."

While Craddock has seemingly made peace with the fact that "spammers want to send spam," he defended Hotmail's ongoing battle with phishing.

"Some of you might be wondering, 'Why can’t Hotmail detect these scams?' We can detect these scams and do detect many of them," he explained. "But it's just a numbers game, and spammers are capable of producing a huge volume of phishing scams, with enough variation in the text and images to fool our filters a small percentage of the time."

Craddock announced last week that Microsoft has helped cut down total Internet spam by 15 percent in the past few years, while Hotmail users have simultaneously enjoyed a 90 percent reduction in spam. In July, Hotmail banned common phrases from becoming passwords - a drastic, if necessary, step.
