Scammers Unleash Aggressive Microsoft Windows-Themed Phishing Attack
Online scammers will back down at virtually nothing in their efforts to turnout creative campaigns that exploit legitimate outlets. A particular outlet recently exploited through an aggressive phishing scam is a spam campaign that uses a Microsoft-themed phishing scheme asking for email login credentials.
Phishing scams are becoming more cunning by the minute. In the latest undertakings of online cybercrooks, there has been reports of spam emails alleging to contain official documents from Microsoft. The messages look as if they came directly from Microsoft advising PC users that the Windows installation records are out of date and they must verify their email account.
Right off of the bat, a number of PC users will immediately identify this message as some type of scam. On the flip side of things, unfortunately, there is an abundance of trusting PC users who will take this message for face value and willingly relinquish their email login details after clicking on a link provided within the message.
The particular Microsoft-themed phishing message reads:
"It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for update. This requires you to verify your email account being the recipient of this update. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records."
Microsoft-themed phishing message asks for Gmail and other email login credentials - source: hoax-slayer.com
Once a link within the phishing message is clicked on, users are redirected to a phishing site where multiple email logins are asked for. Afterwards, the user is then redirected to a legitimate Microsoft site as a process of 'covering up'.
We must reiterate that companies such as Microsoft will never include login links in their email messages. Nor will such companies ask for your full email login credentials, especially ones not related to any services that they offer. In other words, your Gmail account login details have no business being entered on a suspicious-looking form or web page as shown in the phishing message image above.