Spoofing Microsoft!

“There Has Been an Unusual Sign-in Activity on Your Microsoft Account” has now become a phishing email! The latest phishing campaign is spoofing Microsoft to steal users’ credentials.

The emails look nearly identical to Microsoft’s real email alerts, and the sender’s address is the same as Microsoft’s legitimate account security email address: account-security-noreply@accountprotection.microsoft.com.

Users have been receiving the email in this image, which is almost identical to the true email one would expect to receive from Microsoft. Notice the “from” field, the title, the design and layout, even the structure of the email with the date, IP address and so on: the email is nearly perfect. Many users who see this in their inbox would believe it.

While the sender’s address should be scrutinized for irregularities, the absence of errors doesn’t mean the email is safe. It is relatively easy to “spoof” a domain name, which means that the sender pretends to send from a domain that is not theirs.

Me at DIS Computers sending email from info@starbucks.com, for example, is spoofing. Despite it being illegal (unless explicitly requested for training purposes), this technically simple action deceives the receiver into thinking someone credible sent them an email, while it would in fact be sent by a criminal.

The one way a user can tell this is not a legitimate email is the destination of the link. The link is supposed to lead you to Microsoft, while in fact it takes users to a phishing site that convincingly imitates Microsoft’s login page.

As you can see in the URL, this page that looks like a Microsoft Office page is on a site by the name of dynv6[dot]net.
If a user hovers over the link in the email before clicking it, they will see the destination of the link at the bottom left corner of their browser (the location may vary depending on the browser). If it claims to be Microsoft but reads (something).dynv6[dot]net, well, you know not to click that. Right?

Right?!

Users who miss this hint and still enter their credentials into this page will be redirected to an error page on Microsoft’s website. This last page is a true and legitimate Microsoft site, which leads the victim away from the attacker’s web page, completely unaware that they have submitted their credentials to the attacker’s database.

Just for the fun of it, I can direct you to the same page right now. Here, click this link and you will find yourself on the same error page those victims found themselves on: https://login.live.com/login.srf?wa=wsignin1.0

This can take another shape: Click here to submit your credentials, or to win a million dollars, or to just practice not falling for online scams (it’s the last one).

Imagine the confusion of a user who has not been educated on the matter, clicking through Microsoft to figure out what is wrong with their email; while in fact there is nothing wrong with it, except that the attacker now knows how to log into it.

If you have noticed that the phishing page is not being served over a secured connection, then great job! It’s worth noting, though, that the attacker could have hosted the site on Microsoft Azure, which would have given it a windows.net domain with an SSL certificate issued by Microsoft.
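The hover check and the windows.net caveat above can be automated on the receiving side. The following Python is an added example, not code from the original post: it extracts every link from an HTML email body and classifies where it really goes, whatever the visible text claims. The `TRUSTED` and `SHARED` lists, the function names and the sample host names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as genuine Microsoft sign-in hosts.
TRUSTED = {"microsoft.com", "live.com"}
# Assumption: suffixes where anyone can get a subdomain, often with a certificate.
SHARED = {"windows.net", "dynv6.net"}

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def classify(href):
    """Return 'trusted', 'shared-hosting' or 'untrusted' for a link target."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower().rstrip(".")
    if under(host, SHARED):
        return "shared-hosting"  # HTTPS here says nothing about who owns the page
    if parts.scheme == "https" and under(host, TRUSTED):
        return "trusted"
    return "untrusted"

def audit(html_body):
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, href, classify(href)) for text, href in collector.links]

# Constructed sample body; the non-Microsoft host names are placeholders.
SAMPLE = """<a href="http://example-host.dynv6.net/login">Review recent activity</a>
<a href="https://example-host.blob.core.windows.net/i.html">account.microsoft.com</a>
<a href="https://login.live.com.example.net/">Sign in</a>
<a href="https://login.live.com/login.srf?wa=wsignin1.0">Microsoft account</a>"""

print(*audit(SAMPLE), sep="\n")
```

Only the last link is classified as trusted; the third shows why the match must be on a dot boundary at the end of the host name rather than a simple substring search.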

Users always need to stay alert, should not enter any personal information on sites they find fishy, and should use a reliable security solution to remain safe.

But the best treatment remains prevention; learn how to read a URL and never click the wrong link again here on DIS Blog.
