Hackers Impersonate Microsoft in Latest Phishing Campaign

Researchers at Avanan, a Check Point Software Company, have released its newest research discussing how hackers are creating realistic messages to report unusual activity to Microsoft. Instead of sending the message to a legitimate source, the hacker has created a “Mail-to” link that will automatically open up a new email, with the recipient being the hacker. 

In this email, hackers are sending what looks like an “Unusual sign in activity” alert, a common notification that Microsoft sends out when an account has an unusual sign-in. The email encourages the end-user to “report” this activity. Clicking on “Report the User” will open up a new email with the sender address, subject and body already populated. The hacker will reply to the sent message, asking the end-user for log-in information.

You can read the research here.

Leave a Reply

%d bloggers like this: