Fake Microsoft Phishing Scam
An Email purporting to be from “Microsoft Department” warns that you are no longer allowed to access your email account because the company has disabled your online access for security reasons.
The email is not from Microsoft and access to your email account has not been disabled. Instead, the email is a phishing scam designed to steal your Microsoft Account login credentials.
Example
Subject: Request 352 – on pending.
You are no longer allowed to access your e-mail account. We had to disable your online access for your security. This can be because of a recent change in your address or submitting incorrect information during the initial registration process.
Please verify your Hotmail account within the next 48 hours in order to avoid full online suspension. After an effective account verification you will be able to use your login as usual
Follow our secure verification page to proceed to an effective online Authentification.
[Link removed]
We respect your privacy and will not provide your personal information to other parties without your consent.
Sincerely, Ariane Hsia
Vice President Customer E-mail Service
Microsoft Department 2017
Please do not reply this e-mail as it not monitored
Detailed Analysis
According to this email, which claims to be from “Microsoft Department”, you are no longer able to access your email account. Supposedly, Microsoft had to disable your online account for your own security.
It suggests that the security problem might be because you either changed your address or submitted incorrect information during the initial registration process. It warns that you must click a link to verify your account within 48 hours in order to avoid “full online suspension”.
The link opens a fraudulent website that mirrors the appearance of a genuine Microsoft Account login page.
If you log in on the fake page as instructed, online criminals can use the login details to hijack your Microsoft Account. Your Microsoft Account login may provide access to a number of linked services including, email, Skype, and OneDrive.
Thus, once they have gained access, the criminals can use these services to launch spam and scam campaigns in your name and conduct other fraudulent activities. They may also be able to steal personal information that you may have stored in the account.
Action Fraud: Social Media Used to Steal Charity Donations: