Windows 10 News and info | Forum

Windows 10 & 8 Modifying => Patch Tuesday| Updates | Security | Anti-virus => Topic started by: javajolt on August 12, 2019, 11:31:48 AM



Title: Beware of Fake Microsoft Account Unusual Sign-in Activity Emails
Post by: javajolt on August 12, 2019, 11:31:48 AM
(http://i.postimg.cc/YCzx2qn8/phishing-header.jpg)

In this article, we take a look at a phishing campaign that pretends to be an "Unusual sign-in activity" alert from Microsoft that could easily trick someone into clicking on the enclosed link.

With companies such as Google and Microsoft commonly sending users alerts when unusual activity has been discovered on their account, users may feel its normal to receive them and would then click on the enclosed link.

Attackers are capitalizing on this by sending emails that pretend to be "Microsoft account unusual sign-in activity" alerts from Microsoft. When compared to the legitimate email notifications sent by Microsoft, they look almost identical with the same information fields and even the same sender address of "account-security-noreply@accountprotection.microsoft.com".

(http://i.postimg.cc/mrGMxNZn/phishing-email.jpg)
Microsoft account unusual sign-in activity email

What's different, though, is that when you click on the "Review recent activity" email link, instead of going to Microsoft to review your account's sign-in activity, you are brought to a fake landing page on a non-Microsoft site that asks you to log in.

(http://i.postimg.cc/nzdrRqwN/fake-microsoft-account-login.jpg)
Fake Microsoft Account Login

When a victim enters their credentials, the information will be saved for the phishers to retrieve later so that they can access your account.

No matter what credentials are entered in the fake login form, the user will always be redirected to an error page on Microsoft's live.com site. This is to make it look like there is a problem with your account and that nothing strange is going on.

(http://i.postimg.cc/DwJC2TVM/failed-login.jpg)
Failed Login

While some users may have felt that the emails are safe because they are coming from a legitimate Microsoft email address, it is always important to remember that the From email address can always be spoofed to be from any account an attacker wants.

Therefore, even if a phishing email looks legitimate, it is important to pay attention to the URLs of the landing pages before entering your login credentials in a displayed login form.

source (http://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-account-unusual-sign-in-activity-emails/)