Phishers trick users in new email scam disguised as Suspicious Sign-In alerts for Microsoft accounts

• The emails ask the recipients to click on ‘Review recent activity’ to check the unusual activities.
• Once users click on the link, they are redirected to a fake Microsoft login page that asks them to provide their login credentials.

A new phishing campaign that lures users into sharing their login credentials has been observed recently. The campaign is carried out via emails that pretend to be ‘Microsoft account unusual sign-in activity’ alerts.

How does it work?

According to Bleeping Computer, scammers pretend to be employees from Microsoft and send emails that alert users about unusual activity in their accounts. The emails go with the subject line ‘Microsoft account unusual sign-in activity’ and are sent from a sender ‘account-security-noreply@accountprotection[.]microsoft[.]com’.

The emails ask the recipients to click on ‘Review recent activity’ to check the unusual activities.

Once users click on the link, they are redirected to a fake Microsoft login page that asks them to provide their login credentials. When a victim enters their credentials, the information will be saved for phishers to conduct identity theft in the future.

No matter what credentials are entered in the fake login form, the user will be redirected to an error page on Microsoft’s live[.]com site.

How to address the issue?

It is always advised to cross-check the sender’s email address before falling for such emails. It is important to pay attention to the URLs of the landing pages before sharing login credentials. Users should also closely look for the spelling mistakes and grammar issues in the email, as this is one of the telltale signs of a phishing email.