Fake Microsoft Phishing Scam

Uploaded on 2017-03-01 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

An Email purporting to be from “Microsoft Department” warns that you are no longer allowed to access your email account because the company has disabled your online access for security reasons.

The email is not from Microsoft and access to your email account has not been disabled. Instead, the email is a phishing scam designed to steal your Microsoft Account login credentials.

 

Example

Subject: Request 352 – on pending.

You are no longer allowed to access your e-mail account. We had to disable your online access for your security. This can be because of a recent change in your address or submitting incorrect information during the initial registration process.

Please verify your Hotmail account within the next 48 hours in order to avoid full online suspension. After an effective account verification you will be able to use your login as usual

Follow our secure verification page to proceed to an effective online Authentification.

[Link removed]

We respect your privacy and will not provide your personal information to other parties without your consent.

Sincerely, Ariane Hsia
Vice President Customer E-mail Service
Microsoft Department 2017

Please do not reply this e-mail as it not monitored

Detailed Analysis

According to this email, which claims to be from “Microsoft Department”,  you are no longer able to access your email account. Supposedly, Microsoft had to disable your online account for your own security.  

It suggests that the security problem might be because you either changed your address or submitted incorrect information during the initial registration process.   It warns that you must click a link to verify your account within 48 hours in order to avoid “full online suspension”.

The link opens a fraudulent website that mirrors the appearance of a genuine Microsoft Account login page.

If you log in on the fake page as instructed, online criminals can use the login details to hijack your Microsoft Account. Your Microsoft Account login may provide access to a number of linked services including, email, Skype, and OneDrive.

Thus, once they have gained access, the criminals can use these services to launch spam and scam campaigns in your name and conduct other fraudulent activities. They may also be able to steal personal information that you may have stored in the account.

Hoax Slayer

Action Fraud: Social Media Used to Steal Charity Donations:

 

« Who Owns The Data From The IoT?
‘Cyber War’ Is Fast Becoming Just ‘War’ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Skybox Security

Skybox Security

Skybox combines firewall and network device data with vulnerability and threat intelligence, putting security decisions in your unique network context.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

softScheck

softScheck

softScheck is an IT security consultancy. Services range from pentesting and compliance testing to security auditing of software and IT infrastructure.

Astra

Astra

Astra's website security solution provides real-time protection against malware, hackers, SQLi, XSS, DDoS, LFI and RFI.

Shadowserver Foundation

Shadowserver Foundation

Shadowserver Foundation aims to improve internet security by raising awareness of compromised servers, malicious attackers and the spread of malware.

CyberSeek

CyberSeek

CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

WisePlant

WisePlant

WisePlant's portfolio of solutions and services includes process measurement, secure automation, industrial cybersecurity, functional safety and more.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

Netography

Netography

Netography provides a scalable and reliable platform for detection & remediation of cyber threats found on your network.

Truesec

Truesec

TRUESEC has an exceptional mix of IT specialists. We are true experts in cyber security, advanced IT infrastructure and secure development.

Input Output (IOHK)

Input Output (IOHK)

IOHK is one of the world's pre-eminent blockchain infrastructure research and engineering companies.

PagerDuty

PagerDuty

PagerDuty is the central nervous system for a company’s digital operations. We identify issues in real-time and bring together the right people to respond to problems faster.

Gen Digital

Gen Digital

At Gen™, our mission is to create technology solutions for people to take full advantage of the digital world, safely, privately, and confidently – so together, we can build a better tomorrow.

Assetnote

Assetnote

The Assetnote platform enables organizations to effectively map and continuously monitor their external attack surface.

Scalarr

Scalarr

Scalarr is an innovative, next-generation cyber security firm focused on automation and AI to detect and prevent threats in mobile and Edge/IoT infrastructures.