Microsoft Log in Scam- Beware

Gosh they are getting better at this hideous scam attempt game.

Security-focused businesses often use passwords with expirations in the hopes that if an employee’s data is breached, regularly updated passwords will minimise the risk of an unauthorised individual gaining access to the user’s account. However, scammers are aware of this trick, and in a new phishing scam, they’re posing as Microsoft and warning recipients that the password to their email account expires today.

The subject line includes the date the message was sent and states that the email is a “Password Reminder Message for [recipient’s email address]”. Using the recipient’s address is a common tactic used by cybercriminals in an attempt to personalise the email. We can see that the attacker has used this move again in the sender name, which shows “[recipient’s email address] Password Keeping”, but it has actually been sent via a compromised account rather than one associated with Microsoft.

The email appears as a somewhat typical password expiry alert and uses Microsoft branding heavily. The user is directed to click a button to “Keep my same password” to “avoid login interruption”. Although the appearance of the email is relatively convincing, there are a few warning signs, including the English and grammar, as well as the “Notice” at the bottom of the message, which mentions BlueScope Steel, indicating that the attacker has either imitated this company in the past or copied their disclaimer to add a level of professionalism, and either way, they’ve forgotten to change the name to Microsoft.

Here’s what the email looks like:  

When clicking the link in the email, the user is directed to a verification page that uses a captcha system to evade automated scanning.

After the user is verified as a human, they’re taken to a phishing site that looks almost identical to the Microsoft login page where they’re prompted to enter their password.

If the victim does enter their password, they’re shown an error that states “Your account or password is incorrect. If you don’t remember your password, reset it now”. At this point, the password has been harvested by the scammer and stored for later use.

Scammers are always on the lookout to steal Microsoft credentials as they serve as the gateway to a business’s sensitive data and systems. Recently, Integer has also intercepted and begun blocking emails that appear like quarantined email alerts, password expiry notifications, Microsoft Teams invites, and DocuSign alerts, all with the intention of stealing business email credentials.

Integer advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.

Integer urges users not to click links or open attachments within emails that:

• Are not addressed to you by name.
• Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.
• Are from businesses that you were not expecting to hear from, and/or
• Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.

If unwanted emails are a problem for your business, don’t wait until it’s too late.

One email is all that it takes.

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.

For a few dollars per staff member per month, you can protect your business. You can call anytime to secure your company’s inboxes.