So I got this really interesting email, I kind of want to demonstrate how this phishing idea works.
The email says:
“(title)Microsoft account unusual sign-in activity.
We detected a recent sign in Windows device. You are getting this email to make sure it was you. To keep you safe, we require an extra security challenge (button) “Review recent activity” To opt out or change where you receive security notifications, Click here.
@ 2018 Microsoft”
The email says it is from Office 365 but if you notice in the header of the email, (<firstname.lastname@example.org>) this is not a Microsoft account. That is when you should delete the email, but let’s keep going to see what happens.
When I click the “Review recent activity” link provided, it takes me a website that looks like an Office365 sign in… but again if you look at the URL (gen.hobbytalks.ik/365new/ezege/…) it is NOT Office365. This again would be a good place to turn back, but let’s keep going.
What’s interesting though, Lets just put in some fake information: email@example.com, I then hit the “next” button and it asks me for my password, let say “NotInAMillionYears”… and watch what happens when I sign in.
It’s actually redirecting to Microsoft Outlook (https://outlook.live.com/..) , So it doesn’t even look like I was caught in a phishing scam.
It redirected me to my email, Outlook then saves that in my system. So an unsuspecting user would have just gotten their email account hacked.
Make sure you look at the email address and the URLs to be sure it is a legitimate site. Something to think about when looking at phishing attacks and how smart they’re getting.