Fake Microsoft Phishing Scam

Uploaded on 2017-03-01 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

An Email purporting to be from “Microsoft Department” warns that you are no longer allowed to access your email account because the company has disabled your online access for security reasons.

The email is not from Microsoft and access to your email account has not been disabled. Instead, the email is a phishing scam designed to steal your Microsoft Account login credentials.

 

Example

Subject: Request 352 – on pending.

You are no longer allowed to access your e-mail account. We had to disable your online access for your security. This can be because of a recent change in your address or submitting incorrect information during the initial registration process.

Please verify your Hotmail account within the next 48 hours in order to avoid full online suspension. After an effective account verification you will be able to use your login as usual

Follow our secure verification page to proceed to an effective online Authentification.

[Link removed]

We respect your privacy and will not provide your personal information to other parties without your consent.

Sincerely, Ariane Hsia
Vice President Customer E-mail Service
Microsoft Department 2017

Please do not reply this e-mail as it not monitored

Detailed Analysis

According to this email, which claims to be from “Microsoft Department”,  you are no longer able to access your email account. Supposedly, Microsoft had to disable your online account for your own security.  

It suggests that the security problem might be because you either changed your address or submitted incorrect information during the initial registration process.   It warns that you must click a link to verify your account within 48 hours in order to avoid “full online suspension”.

The link opens a fraudulent website that mirrors the appearance of a genuine Microsoft Account login page.

If you log in on the fake page as instructed, online criminals can use the login details to hijack your Microsoft Account. Your Microsoft Account login may provide access to a number of linked services including, email, Skype, and OneDrive.

Thus, once they have gained access, the criminals can use these services to launch spam and scam campaigns in your name and conduct other fraudulent activities. They may also be able to steal personal information that you may have stored in the account.

Hoax Slayer

Action Fraud: Social Media Used to Steal Charity Donations:

 

« Who Owns The Data From The IoT?
‘Cyber War’ Is Fast Becoming Just ‘War’ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

KE-CIRT/CC

KE-CIRT/CC

KE-CIRT/CC is the national Computer Incident Response Team for Kenya.

Alan Boswell Group

Alan Boswell Group

We are a Group of Companies providing specialist Insurance Broking and Risk Management advice and services including Cyber Risk cover.

HelseCERT

HelseCERT

HelseCERT is the health and care sector's national information security center for Norway.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (formerly iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

GuardRails

GuardRails

GuardRails provides continuous security feedback that empowers developers to find, fix, and prevent vulnerabilities.

Concordium

Concordium

Concordium aims to build the world’s leading open-source, permissionless, and decentralized blockchain with built-in user identity at the protocol level.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

Foundries.io

Foundries.io

Foundries.io have built a secure, open source platform for the world's connected devices, and a cloud service to configure this to any hardware and any cloud.

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

D2 Network Associates (D2NA)

D2 Network Associates (D2NA)

D2NA help businesses deliver and achieve their goals, through innovative IT solutions, robust cyber security services and proactive IT managed services.

BigBear.ai

BigBear.ai

BigBear.ai delivers high-end analytics capabilities across the data and digital spectrum to deliver information superiority and decision support.

Atlas VPN

Atlas VPN

Atlas VPN is a highly secure freemium VPN service with a goal to make safe and open internet accessible for everyone.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

VicOne

VicOne

With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry.