Microsoft Rewards?

I keep getting this email from
, but the email does not
address me by my regular name just by my first name initial. Sounds like
some phishing scam, so I don't click on its hot area. Has any of you got
it, too?

"cameo" wrote

|I keep getting this email from
| ,

With something like that you can check whois:

https://www.whois.com/whois/microsoftrewards.com


That does seem to be Microsoft, assuming you're
actually getting it from microsoftrewards.com and
any link really does go to microsoftrewards.com.
It's a good idea to check the source code to be sure.

Personally I wouldn't click on any "hot area" anyway.
That will usually involve a web bug or rigged URL to
confirm for them that you read the email.

I assume they're not offering anything good.
It appears that it's basically what might be called
"legitimate phishing".

https://rewards.microsoft.com/

Maybe you accidentally signed up. Or maybe
you've given your email address to MS in some
venue and they're spamming you.

They invite you to use their products and give
them lots of personal information. In exchange you
get vaguely defined points that you may be able to
redem for "gift cards" or sweepstakes entries or
discounts on Microsoft Store apps. So, let them
spy on you and you can be entered in a contest.

This reminds me of years ago when I had a Citibank
credit card and got CitiDollars for using it. I amassed
something like $6,000 CitiDollars. But I could only redeem
them by buying overpriced stuff: Get this $400 TV for
$250 and 300 CitiDollars. The problem was that I could
buy the TV in a store for about $250. So the whole
thing was actually just a scam.
But in a way the CitiDollars were better than
Microsoft rewards: At least I didn't have to give them
personal marketing info in order to get nothing.

On Mon, 25 Jun 2018 16:42:16 -0700, cameo
wrote:

I keep getting this email from
, but the email does not
address me by my regular name just by my first name initial. Sounds like
some phishing scam, so I don't click on its hot area. Has any of you got
it, too?

https://www.startpage.com/do/search?...e wards&pl=ff


It seems to be a legitimate scheme, though those particular emails
may be bogus and spammy.
If the scheme interests you, you may be able find it through
Microsoft's homepages.

Mand.

In message , cameo
writes:
I keep getting this email from
, but the email does not
address me by my regular name just by my first name initial. Sounds
like some phishing scam, so I don't click on its hot area. Has any of
you got it, too?

From what others have said, sounds like it's legitimate but worthless.

The addressing is obviously automated, and derives from somewhere you
have filled in your name using only your initials. I don't like being
addressed by my first name by someone (especially automated software) I
don't know, so nearly always fill in anything that needs a name with
just my initials as below, and get a lot of "Dear J" as a result (or
sometimes "Dear Jp"). [I haven't received any from microsoftrewards
AFAICR.]
I'm rather surprised they're using that, as it's a common scammer
practice to use hostnames that comprise a well-known name such as
Microsoft but with extra characters; if I _had_ received such, I would
have assumed it was a scam anyway.

(Note use of "comprise" without a following "of".)
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Eastenders" is like being punched repeatedly in the face for half an hour. -
Stephen Mangan, in Radio Times 5-11 May 2012

On 06/25/2018 07:52 PM, J. P. Gilliver (John) wrote:

[snip]

The addressing is obviously automated, and derives from somewhere you
have filled in your name using only your initials. I don't like being
addressed by my first name by someone (especially automated software) I
don't know, so nearly always fill in anything that needs a name with
just my initials as below, and get a lot of "Dear J" as a result (or
sometimes "Dear Jp"). [I haven't received any from microsoftrewards
AFAICR.]

I remember from before the web, when my father would use "H" as a first
name, for these things. It was actually the first letter of the dog's
name, and the dog could use some new chew toys.

Also (OT)

One night I was listening to the PBS radio station, and someone I knew
called in a donation for "S Lloyd". The announcer thought that was his
son, but I knew it was the cat.

--
Mark Lloyd
http://notstupid.us/

"I can picture in my mind a world without war, a world without hate. And
I can picture us attacking that world, because they'd never expect it. "

cameo wrote:

I keep getting this email from ,
but the email does not address me by my regular name just by my first
name initial. Sounds like some phishing scam, so I don't click on its
hot area. Has any of you got it, too?

Oh, an e-mail but no evidence of what is shown in the Received, Sender,
and other headers of the e-mail and no showing what is *in* the HTML
code, like for the A tag of the hyperlink that claims to be pointing
at Microsoft. You want others to diagnose an e-mail for which you give
nothing to diagnose.

View the source of the e-mail. Copy that source which will show headers
and the body of the message. Munge out any personal information, like
your username in your e-mail address (but not the domain since that is
public information, anyway). Do NOT show the rendered HTML for the
e-mail as that can be manipulated to lie about where a hyperlink
actually points. Show the source of the e-mail which will show to where
the A anchor tag points in its href attribute. The Received and other
headers will indicate from where an e-mail originates. The *code* for
an HTML rendered hyperlink is the only way to know to where a hyperlink
points (unless your client pops up an *accurate* description of a
hyperlink, but many clients do not and show something other than what is
really specified in the href attribute).

Bulk mails rarely address you by your specific name unless they are
mailmerged mailings. Mailmerge takes more time to modify the content of
a template to use as the body of a personalized e-mail. The recipient
is already specified but merging that into the body takes time. Whether
or not it is a legitimate e-mail from Microsoft or a phish requires
seeing what is actually specified in the headers and to where the
hyperlinks actually point for the effective URL (not what gets shown in
rendered HTML). Not all bulk mailings are personalized; i.e., the same
message gets sent to multiple recipients instead of a personalized
template sent to each recipient.

That I don't get e-mails from Microsoft Rewards doesn't mean Microsoft
doesn't operate a rewards program. I don't buy anything from
Microsoft's store, so I would have no rewards from them. We don't know
what past relationships you've had with Microsoft that might qualify you
for participation in their rewards program.

https://rewards.microsoft.com/
https://www.microsoft.com/en-us/stor...rosoft-rewards
https://support.microsoft.com/en-us/...rewards-points
https://support.microsoft.com/en-us/...rewards-points

If you want others to diagnose an e-mail to determine it legit or phish,
you'll have to provide evidence: the source of the e-mail but with
sensitive data munged out or obfuscated.

J. P. Gilliver (John) wrote:

In message , cameo
writes:
I keep getting this email from
, but the email does not
address me by my regular name just by my first name initial. Sounds
like some phishing scam, so I don't click on its hot area. Has any of
you got it, too?

From what others have said, sounds like it's legitimate but worthless.

The addressing is obviously automated, and derives from somewhere you
have filled in your name using only your initials. I don't like being
addressed by my first name by someone (especially automated software) I
don't know, so nearly always fill in anything that needs a name with
just my initials as below, and get a lot of "Dear J" as a result (or
sometimes "Dear Jp"). [I haven't received any from microsoftrewards
AFAICR.]
I'm rather surprised they're using that, as it's a common scammer
practice to use hostnames that comprise a well-known name such as
Microsoft but with extra characters; if I _had_ received such, I would
have assumed it was a scam anyway.

(Note use of "comprise" without a following "of".)

The From header is worthless for validating who was the sender of an
e-mail. The sender's e-mail client defines the value of the From
header, not the sender's mail server. I can put anything I want in the
From header. I could send e-mails that look like they came from cameo,
you, or anyone else.

You need to look at the Received headers to see from where the e-mail
originated. Received headers are prepended in the order they pass
through mail servers. That is, the first mail server will be the last
one listed in the source of an e-mail and the last mail server will be
at the top of the headers section. Some Received headers are shown for
internal routing within an e-mail provider so they don't comply with the
by-clause in one Received header having to match the from-clause in the
next Received header. That doesn't identify the sender at that domain
but will show if, say, a Microsoft e-mail originated from a Microsoft
mail server. However, scammers can spoof a Received header by inserting
their own. When they do, it will be the first Received header after the
legitimate ones. They're hoping you cannot identify fake Received
headers, will trace from a legit one into theirs, and think their e-mail
originated from where they said it did. If it is not an internal
routing shown in Received headers, the server specified in from-clause
from a later Received header should point at the server specified in the
by-clause in the just prior Received header. Tracing through Received
headers is easy but full of gotchas.

Some mail servers will add a Sender header. The client doesn't add
this. The sending mail server adds that header. If the client adds it,
the server will ignore it to add its own Sender header. That can
identify who was the sender at the domain which should match the
non-internal (boundary) sending mail server specified in the first
Received header.

Some e-mails will have SPF or DomainKeys headers that also help identify
from where an e-mail originated (the sending mail server, not the
account that used that outgoing mail server).

Some companies contract others to send their bulk mailings. The problem
is the e-mail will show it comes from the bulk mailing service, not from
the domain purporting to have sent the e-mail. Comcast does this: they
employ someone else (don't remember who) to send bulk mailings on
Comcast's behalf. The result is the Received headers show the e-mail
did not originate from Comcast. The From header is faked to show
Comcast as the sender. The hyperlinks inside the message body often
will point to somewhere other than a Comcast registered domain. The
cure is to grant authorizing for the bulk mailing service to use
Comcast's own SMTP servers to spew out the bulk mails; however, that
means letting someone else pass traffic through your SMTP server and
usually the point of contracting a bulk mailing service is NOT to
impinge that traffic volume upon your mail servers. There are other
solutions, like letting the bulk mailer use a domain registered for the
purported sender, like letting them use their own SMTP server using
something like rewardscomcast.net. While it will look like the e-mail
originated from a different domain than Comcast in the Received headers,
a whois on the alternate domain would show that Comcast is the
registrant.

Since there is a Microsoft Rewards program and since the hostname of
"email" is at the microsoft.com domain where Microsoft is the registrant
for that domain, it is very plausible the OP got a legit e-mail from
Microsoft. However, the OP showed us what he saw and it is likely he
received an HTML-formatted e-mail. Rare nowadays are senders that send
in plain text format. The HTML A tag will have a comment section
where whomever composed the HTML-formatted e-mail can specify whatever
they want as the comment, which could look like a URL. The href
attribute of the A tag specifies where the hyperlink actually points,
and that can differ from the comment for the A tag. For example:

A href="we-cheat-em-and-how.ru/rogueware/infection-pretense.html"
/A

has the comment (between the A and /A delimiter tags) pretend the
user would be going to Microsoft when, in fact, the href will have them
visit some rogueware site that claims the visitor is infected and offer
to download and install software to fix the problem (which is actually
malware, like ransomware).

Without seeing the source of the HTML-formatted e-mail (i.e., the HTML
code), there is no way we can tell to where a hyperlink actually points.
We're only told where the OP *thinks* the hyperlink points based on the
comment for the A tag. The OP wants us to diagnose an e-mail for
which no exhibit has been provided for us to diagnose. Saying it came
from somewhere based on limited expertise in e-mail headers and HTML
code doesn't really give real evidence of where it actually came from or
to where the hyperlinks point.

On 06/25/2018 07:51 PM, Wolf K wrote:
On 2018-06-25 19:42, cameo wrote:
I keep getting this email from
, but the email does not
address me by my regular name just by my first name initial. Sounds
like some phishing scam, so I don't click on its hot area. Has any of
you got it, too?

MS Rewards? ??On the face of it, I'd say, yeah, it's a scam. I can't
imagine MS running a rewards program.

They do. If you log into MS with a hotmail account (at least I do), on
Bing.com, you get a rewards icon with the points total beside your
avatar in top right. I have 33,000+ points.

Now I'm not using any of them or if I have I've received nothing from
the usage.

Big Al wrote:
On 06/25/2018 07:51 PM, Wolf K wrote:
On 2018-06-25 19:42, cameo wrote:
I keep getting this email from
, but the email does not
address me by my regular name just by my first name initial. Sounds
like some phishing scam, so I don't click on its hot area. Has any of
you got it, too?

MS Rewards? ??On the face of it, I'd say, yeah, it's a scam. I can't
imagine MS running a rewards program.

They do. If you log into MS with a hotmail account (at least I do), on
Bing.com, you get a rewards icon with the points total beside your
avatar in top right. I have 33,000+ points.

Now I'm not using any of them or if I have I've received nothing from
the usage.


33000 points ? checks charts

That entitles you to one order of Cotton Candy.
Come to the Seattle fairground to pick it up.

http://www.restaurant-hospitality.co...-503386182.jpg

Paul

Paul wrote:
Big Al wrote:
On 06/25/2018 07:51 PM, Wolf K wrote:
On 2018-06-25 19:42, cameo wrote:
I keep getting this email from
, but the email does not
address me by my regular name just by my first name initial. Sounds
like some phishing scam, so I don't click on its hot area. Has any
of you got it, too?

MS Rewards? ??On the face of it, I'd say, yeah, it's a scam. I can't
imagine MS running a rewards program.

They do. If you log into MS with a hotmail account (at least I do),
on Bing.com, you get a rewards icon with the points total beside your
avatar in top right. I have 33,000+ points.

Now I'm not using any of them or if I have I've received nothing from
the usage.


33000 points ? checks charts

That entitles you to one order of Cotton Candy.
Come to the Seattle fairground to pick it up.

http://www.restaurant-hospitality.co...-503386182.jpg


Paul

Actually, there's a suggestion here.

https://support.microsoft.com/en-ca/...ds-points-work

"Microsoft Rewards points have no cash value.

You can typically redeem 5,000 Microsoft Rewards points
for about $5 of value on the Microsoft Rewards redeem page.
"

So you have around $30 worth.

If you converted that to Air Miles, it would fly
you across the street (about 66 feet).

I think the Cotton Candy is a good deal, all things
considered.

Paul

"cameo" wrote

| ,

Interesting review of the whole thing he

https://workfromhomejourney.com/is-m...etailed-review

Apparently it's been going on for years, but recently
it's been combined with XBox rewards, whatever that is.
They're basically paying people to use their products
(Bing/Edge) and to buy MS Store apps. But the catch is
that they don't pay much of anything worth having.

Big Al wrote:

Wolf K wrote:

cameo wrote:

I keep getting this email from
, but the email does not
address me by my regular name just by my first name initial. Sounds
like some phishing scam, so I don't click on its hot area. Has any of
you got it, too?

MS Rewards? ??On the face of it, I'd say, yeah, it's a scam. I can't
imagine MS running a rewards program.

They do. If you log into MS with a hotmail account (at least I do), on
Bing.com, you get a rewards icon with the points total beside your
avatar in top right. I have 33,000+ points.

Now I'm not using any of them or if I have I've received nothing from
the usage.

I logged into Hotmail (also have an Outlook.com account). Went to
bing.com. Click on the Rewards icon. A window popped up telling me
about Microsoft rewards but requires that I join. So just having a
Microsoft e-mail account does not enlist you into their rewards program.

Have you ever bought anything from Microsoft's store?

On 06/25/2018 10:31 PM, Paul wrote:

IÂ*thinkÂ*theÂ*CottonÂ*CandyÂ*isÂ*aÂ*goodÂ*deal,Â* allÂ*things
considered.
Me too!

On 06/26/2018 01:30 AM, VanguardLH wrote:
Big Al wrote:

Wolf K wrote:

cameo wrote:

I keep getting this email from
, but the email does not
address me by my regular name just by my first name initial. Sounds
like some phishing scam, so I don't click on its hot area. Has any of
you got it, too?

MS Rewards? ??On the face of it, I'd say, yeah, it's a scam. I can't
imagine MS running a rewards program.

They do. If you log into MS with a hotmail account (at least I do), on
Bing.com, you get a rewards icon with the points total beside your
avatar in top right. I have 33,000+ points.

Now I'm not using any of them or if I have I've received nothing from
the usage.

I logged into Hotmail (also have an Outlook.com account). Went to
bing.com. Click on the Rewards icon. A window popped up telling me
about Microsoft rewards but requires that I join. So just having a
Microsoft e-mail account does not enlist you into their rewards program.

Have you ever bought anything from Microsoft's store?

Never!

Odd that a account doesn't show the program. Maybe I
joined (it's been so long ago), but that's all I do.

Mayayana wrote:
"cameo" wrote

| ,

Interesting review of the whole thing he

https://workfromhomejourney.com/is-m...etailed-review

Apparently it's been going on for years, but recently
it's been combined with XBox rewards, whatever that is.
They're basically paying people to use their products
(Bing/Edge) and to buy MS Store apps. But the catch is
that they don't pay much of anything worth having.



The crucial words are "Microsoft Rewards basically pays you to browse
the web with Bing. You can use any browser that uses the Bing search
engine".

The more people use Bing, the more ads get viewed. The more people use
Bing, the more Bing's status rises together with its power to attract
advertisers; paying advertisers, that is".

Ed