Fake Microsoft Phishing Scam

An Email purporting to be from “Microsoft Department” warns that you are no longer allowed to access your email account because the company has disabled your online access for security reasons.

The email is not from Microsoft and access to your email account has not been disabled. Instead, the email is a phishing scam designed to steal your Microsoft Account login credentials.

 

Example

Subject: Request 352 – on pending.

You are no longer allowed to access your e-mail account. We had to disable your online access for your security. This can be because of a recent change in your address or submitting incorrect information during the initial registration process.

Please verify your Hotmail account within the next 48 hours in order to avoid full online suspension. After an effective account verification you will be able to use your login as usual

Follow our secure verification page to proceed to an effective online Authentification.

[Link removed]

We respect your privacy and will not provide your personal information to other parties without your consent.

Sincerely, Ariane Hsia
Vice President Customer E-mail Service
Microsoft Department 2017

Please do not reply this e-mail as it not monitored

Detailed Analysis

According to this email, which claims to be from “Microsoft Department”,  you are no longer able to access your email account. Supposedly, Microsoft had to disable your online account for your own security.  

It suggests that the security problem might be because you either changed your address or submitted incorrect information during the initial registration process.   It warns that you must click a link to verify your account within 48 hours in order to avoid “full online suspension”.

The link opens a fraudulent website that mirrors the appearance of a genuine Microsoft Account login page.

If you log in on the fake page as instructed, online criminals can use the login details to hijack your Microsoft Account. Your Microsoft Account login may provide access to a number of linked services including, email, Skype, and OneDrive.

Thus, once they have gained access, the criminals can use these services to launch spam and scam campaigns in your name and conduct other fraudulent activities. They may also be able to steal personal information that you may have stored in the account.

Hoax Slayer

Action Fraud: Social Media Used to Steal Charity Donations:

 

« Who Owns The Data From The IoT?
‘Cyber War’ Is Fast Becoming Just ‘War’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Heimdal Security

Heimdal Security

Heimdal Security provides proactive protection against cyber threats including ransomware, exploit kits and financial malware.

Ezenta

Ezenta

Ezenta is a Danish IT security consulting firm.

Uhuru Corp

Uhuru Corp

Uhuru offers a wide variety of IoT products and solutions including enebular® IoT Orchestration Service.

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

e360

e360

e360 (formerly Entisys360) is an award-winning IT consultancy specializing in advanced IT infrastructure, virtualization, security, automation and cloud first solutions.

3wSecurity

3wSecurity

3wSecurity provides visibility to your company’s internet facing systems throughout the security life cycle, allowing for a more thorough approach to vulnerability management.

CrowdSec

CrowdSec

CrowdSec is an open-source & participative IPS able to analyze visitor behavior by parsing logs & provide an adapted response to all kinds of attacks.

Brightsolid

Brightsolid

Brightsolid are experts in Hybrid Cloud. We design, build and manage secure, scalable cloud environments that meet customers’ business ambitions.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

NetScout Systems

NetScout Systems

NetScout assures digital business services against disruptions in availability, performance, and security.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

BCX

BCX

BCX, a subsidiary within Telkom Group, is one of Africa’s largest systems integrator and digital transformation partners for enterprises and public sector organisations.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.