Phishing emails come in many variants. Often they are an attempt to phish user credentials, which can be used by the attacker or sold on the darkweb.
Below is an example of an email designed to phish Outlook or Office 365 credentials.
Outlook is an online email service provided by Microsoft. Office 365 is Microsoft’s Office subscription service.
If someone was able to steal your password to either of these services they would then have access to your email, and if you are using it, files stored in OneDrive.
In this case, the spammer isn’t targeting one group, but instead killing two birds with one stone by targeting Outlook.com and Office 365 Users. This gives them a higher number of potential victims.
If someone is able to access your email account, they will be able to access all your online accounts by resetting your passwords.
The spammer has used several techniques to try and get the recipient to lower their guard.
If you’ve noticed; the email says it is from Outlook Office365 and shows that it come from the email address: outlook @ office365.com.
Spammers can make an email appear to come from any email address. This is called spoofing. This gives the impression that the email is legitimate because it appears to come from a legitimate source.
The email arrived with the subject Security Alert. When you’re signing into a service on a new device, you will often receive a “security alert” email. This is a feature offered by many online services so that you are alerted if someone was to access your account.
The spammer is hoping that the subject of Security Alert is enough to tempt you to open the email.
The email goes on to say that there has been a new sign in from a Linux device. The spammer is mentioning an operating system with a low market share to again get you to lower your guard.
If the email mentioned a new sign in from Windows (which has a high market share), the recipient may just think it was themselves signing in to the service. But, by saying there was a new sign in from Linux, the spammer is hoping that the user is not a Linux user and will want to block this “attacker” from accessing their account.
The email has a button to click to “check activity”. This button is directed to a phishing website. The website looks legitimate and uses the Outlook.com logos and layout. If you were to enter your credentials into the website to “sign in”, these credentials would be sent to the spammer, who can now access the you account or resell the credentials on the darkweb.
Always take caution when an email is asking you act urgently. If you are unsure, you can sign into the service via the web browser (as apposed to clicking a link). Most services now have notifications within the service itself, and will alert you to security related items.
With Outlook, you can visit https://accounts.microsoft.com and click the Security link to view more details about the security of your account. From this menu you can see Sign-in Activity, Check Password Security (and turn on 2FA), and update your security information.
If you have fallen for a Outlook.com phishing email, Microsoft have some resources on the steps you can take.
To see learn about other scams and methods scammers are using, check out the ScamWatch website.
You can also check out other Tech Tips articles by Grenfell Internet Centre. Don’t forget to share this blog post with family and friends!