"This e-mail has been sent to you by Hotmail to inform you that your account has been blocked," says the message. "Why are you seeing this? Someone may have used your account to send out a lot of junk messages (or something else that violates the Windows Live Terms of Service). We're here to help you get your account back. What do you need to do? We'll ask you to login to our secured activation page by following the link below and re-activate your account."
As you may guess, the link takes the victims to a spoofed Windows Live Hotmail sign-in page.
"If victims go ahead and enter their Windows Live ID and password, they will immediately be redirected to the genuine Windows Live sign-in page. Thus, users may mistakenly believe that the first sign-in failed for some reason and try again, this time on the genuine site," Hoax-Slayer points out.
Some users may even believe that the reactivation process has been successfully executed and that this was all it took.
But no matter what the believe, the phishers have achieved their goal: they got their hands on the login credentials, and are likely to use them to sent further spam from the compromised accounts.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.