A customer received an email saying that someone had used his Live ID to distribute unsolicited email, so his account would be blocked. The email suggested that, to prevent the account from being blocked, the customer should follow the link and fulfill the services new security requirements. However, the link from the scam email actually led to the Windows Live website. The attack does not result in the fraudster getting direct access to these services on behalf of his victim, but it does enable the attacker to steal personal information.”]
Source: https://securelist.com/fraudsters-can-have-rights-too/69991/