There is a very realistic spoofed phishing email making the rounds that looks so close the the real Microsoft alert email, as to be almost undetectable. They even spoof the legitimate sender address of “account-security-noreply@accountprotection.microsoft.com”. So even if you are looking for signs of chicanery, it will be difficult for most users to tell it is fake. See an example below.
Clicking on the “Review recent activity” button will take you to a fake Microsoft login page. Fortunately, the web address in the address bar is obviously fake. But entering your user name and password will give the attacker what they came for. They would be able to take over your Outlook email, Office365 account, Skype account, and any other attached Microsoft services.
So be on the lookout for these impostors.
ShareAUG
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com