Microsoft phishing scam – Don’t click that email

by Kurt Knutsson

Over the past few weeks, our readers have been writing in to tell us that they have been receiving suspicious-looking emails that claim to be from Microsoft, warning that their Microsoft password has expired. There is a big blue button in this email that says “Keep Password”. The subject header reads “High-severity Alert – Service request”.

The high severity alert here actually is that YOU SHOULD NOT CLICK THIS EMAIL!

Microsoft Phishing Scam email

This is another example of a phishing attack you should be aware of.

What is a phishing attack?

A phishing scam is one where criminals pretend to be real organizations in their email and text message communications in order to steal your personal information.

How to detect an email phishing scam

In the screengrab above from our Microsoft email, there are a few tell-tale signs that this is not real.

  • In the email screengrab above, it says the email is from Support. Okay, that seems like it could be legitimate; however, my Microsoft Outlook inserted a red ! next to the word, telling me that it is an invalid email address.
  • In the email above, the scammer wants to induce panic and urgency when you see “High-severity alert” and “Action required!”
  • Note the Microsoft logo in the email isn’t quite right.  I will typically go to the actual website to look at the logo to compare.

Microsoft Phishing Scam-Logos Not The Same

 

  • THE BIGGEST FLAG I always look for: when I am on my desktop or laptop (not phone or tablet), I hover my mouse over the button. I NEVER click the button; I just hover over it. When I do this, the link address of the button is revealed. As you’ll see in the screengrab above, the address is not from microsoft.com, but from another random address.
    • As noted above, you cannot hover over a link on your phone or tablet (don’t even try it, for fear of tapping the link by accident).

Remember not to react quickly to these emails. Always take a second to question whether what you’re receiving is real or not. If you do question the authenticity of the email, go directly to the merchant source by typing it in your browser (i.e., “microsoft.com”), log into your account, and look to see if there is a message there indicating that you need to change your password.

Another phishing variation of the same email

We recently received this variation of the email above now asking us to “retain the same password”.  Again, note the return address and you’ll see that when I carefully hover my mouse over the button the web address goes to some random site.

Microsoft Email Phishing Attack

5 precautions to protect against phishing attacks

  1. Always keep your iOS or Android software up to date.
  2. Keep your browsers up to date.
  3. Question every email that comes in that indicates there is some sort of alert.
  4. Go to the company source to see if there is truly an issue.
  5. Install good security protection on all of your devices for the best protection. My top pick is TotalAV (limited-time deal: $19 your first year, 80% off). More: Best Antivirus Protection in 2022 found here.

 
