Recently there were reports of tens of thousands of hotmail passwords being posted on the web. In reality Hotmail, Gmail, Yahoo mail, and all email services are regularly being phished.
If you receive an email telling you to provide your password it is a phish. That is as simple as it gets. Never give out your password. Even if a known IT professional asks you for it. There are only two kinds of people who ask you for your password… thieves and idiots. You don’t want to give your password to a thief and an idiot can’t be trusted with it, so don’t give it out.
Even if the email looks legitimate and says that you will lose your account if you don’t provide information it is a lie.
The 10,000 hotmail account passwords that were put up on a public web site were not a problem with Microsoft security, they were an issue of user education. October is National Cyber Security Awareness month. Help inform your friends that they should never give out their passwords to anyone… even if the email appears to be from Hotmail Support, Gmail, or Yahoo.
Director of Technical Education
Author ESET Research, ESET