'Microsoft Request Verification' Scam
Infosec researchers uncovered another harmful phishing campaign aiming to collect users' login credentials. This time the lure emails are presented as a notification coming from Microsoft, asking recipients to verify their accounts. The fake emails imply that important information regarding a supposed order made by the user is contained in a linked document. To review the data in the document, users are asked to click on the 'Verify Your Identity' button found in the misleading emails.
As is typically the case with these phishing tactics, the provided button directs users to a specially crafted phishing page. The visual appearance of the unsafe site may be similar to that of an official Microsoft page or adjusted to match the victim's email service provider. In either case, users will be asked to provide their account passwords to log in and view the details of the fake order. All information entered on the untrustworthy site is compromised, as it becomes available to the fraudsters.
The consequences for the victims could be significant. Con artists may use the collected credentials to take over the corresponding email accounts and exploit them for numerous fraudulent activities. They may ask the victim's contacts for money, spread malware, disseminate misinformation, or try to further expand their reach by compromising additional accounts connected to the breached email. The information collected by the fraudsters may also be packaged and offered for sale on hacker forums.