Fake Microsoft Phishing Scam

Uploaded on 2017-03-01 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

An Email purporting to be from “Microsoft Department” warns that you are no longer allowed to access your email account because the company has disabled your online access for security reasons.

The email is not from Microsoft and access to your email account has not been disabled. Instead, the email is a phishing scam designed to steal your Microsoft Account login credentials.

 

Example

Subject: Request 352 – on pending.

You are no longer allowed to access your e-mail account. We had to disable your online access for your security. This can be because of a recent change in your address or submitting incorrect information during the initial registration process.

Please verify your Hotmail account within the next 48 hours in order to avoid full online suspension. After an effective account verification you will be able to use your login as usual

Follow our secure verification page to proceed to an effective online Authentification.

[Link removed]

We respect your privacy and will not provide your personal information to other parties without your consent.

Sincerely, Ariane Hsia
Vice President Customer E-mail Service
Microsoft Department 2017

Please do not reply this e-mail as it not monitored

Detailed Analysis

According to this email, which claims to be from “Microsoft Department”,  you are no longer able to access your email account. Supposedly, Microsoft had to disable your online account for your own security.  

It suggests that the security problem might be because you either changed your address or submitted incorrect information during the initial registration process.   It warns that you must click a link to verify your account within 48 hours in order to avoid “full online suspension”.

The link opens a fraudulent website that mirrors the appearance of a genuine Microsoft Account login page.

If you log in on the fake page as instructed, online criminals can use the login details to hijack your Microsoft Account. Your Microsoft Account login may provide access to a number of linked services including, email, Skype, and OneDrive.

Thus, once they have gained access, the criminals can use these services to launch spam and scam campaigns in your name and conduct other fraudulent activities. They may also be able to steal personal information that you may have stored in the account.

Hoax Slayer

Action Fraud: Social Media Used to Steal Charity Donations:

 

« Who Owns The Data From The IoT?
‘Cyber War’ Is Fast Becoming Just ‘War’ »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Academy - University of Southampton

Cyber Security Academy - University of Southampton

An industry/University partnership established to advance cyber security through world class research, teaching excellence, industrial expertise and training capacity.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

North American Electric Reliability Corporation (NERC)

North American Electric Reliability Corporation (NERC)

NERC is a not-for-profit international regulatory authority whose mission is to assure the reliability and security of the bulk power system in North America.

Post-Quantum

Post-Quantum

Post-Quantum offer a unique, patented quantum-resistant encryption algorithm that can be applied to existing products and networks.

Exatel

Exatel

Exatel is Poland’s leading provider of ICT security services.

Sigma IT

Sigma IT

SIGMA IT is one of the largest IT services organizations in EMEA region providing a full range of solutions and services including cybersecurity, data protection and business continuity.

Kentik

Kentik

Kentik - one platform for Network Visibility, Performance, and Security.

AlertSec

AlertSec

AlertSec Ensure is a U.S. patented technology that allows you to educate, verify and enforce encryption compliance of third-party devices.

StartupXseed Ventures

StartupXseed Ventures

StartupXseed Ventures is a smart capital provider for Deep Tech, B2B, Early Stage Startups. We support, NextGen Tech Entrepreneurs, who have potential to deliver the outsized growth.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

6clicks

6clicks

6clicks is an easy way to implement your risk and compliance program or achieve compliance with ISO 27001, SOC 2, PCI-DSS, HIPAA, NIST, FedRAMP and many other standards.

PKF Infuse

PKF Infuse

PKF Infuse provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Tozny

Tozny

Tozny offers products with security and privacy in mind that are built on the foundation of end-to-end encryption, and open-source verifiable software.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

BuddoBot

BuddoBot

BuddoBot has been a pioneering force in cybersecurity and information technology since 2008.