Just say no to bogus Messenger invitations

Windows Live Messenger is a powerful and fun communications tool for staying in touch with your friends, family and co-workers.  It is a semi-enclosed environment where you can freely interact with the people you know and trust – the people in your network. Unfortunately, over the last couple of months, we've been monitoring an increase in spammers and malware distributors trying to work their way into our customers’ networks of trusted Messenger contacts.

How Messenger spam works

First, the spammers identify potential targets.  They do this by searching for public Spaces, by acquiring lists of valid Hotmail accounts, and by trading with other spammers.  Second, the spammers set up a number of Windows Live ID accounts and use these accounts to send invitations to their potential targets.

A typical invitation looks like this:

image of a Messenger spam invitation

If you accept a spammer's invitation, they can then download your list of friends to find new people to target, and send messages to you and your friends trying to attract you to spam, phishing, or malware websites. See my previous blog post on URL reputation to learn about the protections that SmartScreen® provides if you do end up clicking one of these links.

We’re working on delivering several technologies to help us reduce these bogus invitations. In fact, starting this week we are deploying a number of immediate new steps to block and root out these spammers, and to limit the number of invitations they can send. 

Don't let spammers in the door

You can take steps to protect yourself too. One thing you can do is click the View profile link in the invitation, to try to figure out if it is from a spammer or an old friend.  Viewing the profile won’t hurt you or your computer, and it won’t add the spammer to your network, so it is always a good first step.  This is like what you might do at home, if someone came knocking at your door unexpectedly. You'd probably look through the peep hole before deciding whether or not to let them in.

If you still don’t recognize this person, and think they really might be a spammer, then don’t answer the door -- and let us know by clicking the check boxes to block them and report them as spammers.

Image showing how to block and report Messenger spam

Better safe than sorry

And don’t worry about reporting abuse. Even if you accidentally report a long lost friend as a spammer, we won’t shut down anyone’s account based on one piece of feedback. In this world, it's better to be safe than sorry. You might also find these 10 tips for safe instant messaging useful.

As with all service abuse scenarios, this is another arms race.  We know abusers are motivated, and will attempt to react every time we add new protections, but we're motivated too. We’re continually working to protect everyone on the network from these types of attacks.

John Scarrow
General Manager - Safety Services

PS. If you think you may have already fallen victim to a phishing scam, check out these tools for removing malware and preventing further issues.

7 Comments
  • I am from groups.im, a third-party chat service which brings chat rooms to Windows Live Messenger clients.

    Millions of users of our service have been unable to send messages in recent weeks. This blockage seems to have been triggered by our URLs including "groupsim" and "imgroups" followed by different domain TLD extensions. The URLs are sent for redirection and service announcements, so we can provide the best service. We estimate that this is caused by the Windows Live Messenger filter policy, which may confuse our healthy URLs with spam, phishing, and other annoyances.

    Ideally we’d like to get in contact with someone who would like to help with this.

    Thanks.

  • This has reached epidemic proportions on my machine. When I log in I'm greeted with two to five of these popup windows. At the very least, can all requests be concentrated in one window so I can dismiss them with one click? It's a terrible UI that shows multiple popups.

    Even better, let me turn off requests altogether! Use ivalaine's suggestion above. I've never had an out-of-the-blue request that was legitimate. Never. I know when I want to initiate a connection with someone.

    I'm very close to uninstalling MSN. I need it for one or two business contacts, or it would already be gone due to this bug alone.

  • How about MSN just has some setting where you can set up a "safe word" or something to give to people along with your email address. Then have a security setting for "require safe word with requests".

    Not hard. And cuts out the majority of spammers. If a long lost friend really wants to contact you and has your email, they can, you know, always email you.

  • There are some good suggestions here, some of which we are in the process of working through.  More bad guys are on the way so expect us to up the countermeasures as we go.

  • Kit
    23 Posts

    Just wondering why you don't make a button like the one in Hotmail / Windows Live Mail. Just one click to block and report as spam.

  • After being out of town all weekend, I just signed into Windows Live Messenger only to be greeted by a dozen or so Windows Live Messenger SPIM invitations. Is there anything being done to improve the add contact system--perhaps a CAPTCHA solution? The current modus operandi doesn't appear to be cutting it anymore.

    Thanks!

    -Sterling

  • But why on earth can the spammer see all of my friends? #FAIL!

    And why on earth do you force me to have a "Space" ? #FAIL!

    I know there are several opt-out settings, but that's the problem! It should be opt-in!