New Phishing Email Campaign Pretends to be a Notification for Unusual Sign-In Activity

Phishing campaigns are becoming more common with every passing day. Although they are almost a decade old, these campaigns are still one of the most effective ways to hack an account. Most of them succeed because they are very well designed, which makes it very difficult for the user to spot any problem. The recent unusual sign-in activity campaign is one of the most well-designed phishing campaigns targeting Microsoft users, and it is a true example of why phishing campaigns are effective.

Because unusual sign-in activity emails are regularly sent to users to help them keep an eye on any sign-in from a different location or browser, users expect to receive this kind of email. According to BC, the new phishing campaign has been designed so that it looks almost identical to the genuine unusual sign-in activity email. The email contains a button, and to make it look authentic the sender address looks authentic too. Once the recipient clicks the "Review recent activity" button, they land on a fake landing page where they are required to enter their credentials, namely the mail ID and the password. To tell whether this is a phishing email or a genuine one, it is very important to check the link that is used for the landing page. This is the only way to spot the difference.
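The link check described above can be automated on the defender's side. The following is an added example, not code from the original article or from Microsoft: it pulls every link out of an email's HTML body and flags any whose real host is not an expected sign-in host. The allowlist, the function names and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts accepted as genuine Microsoft account pages; adjust to your policy.
TRUSTED_HOSTS = {"account.live.com", "login.live.com", "login.microsoftonline.com"}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify_link(href):
    """Return 'trusted', or a short reason why the link target is suspect."""
    parts = urlsplit(href)
    if parts.scheme != "https":
        return "not https"
    if "@" in parts.netloc:
        # Everything before '@' is userinfo; the real host comes after it.
        return "userinfo in URL hides the real host"
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("xn--") or ".xn--" in host:
        return "punycode host"
    if host not in TRUSTED_HOSTS:
        # Exact match only: a trusted name used as a subdomain prefix fails here.
        return "host not in allowlist: " + host
    return "trusted"

def review_email(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return [(text, href, classify_link(href)) for href, text in parser.links]

# Constructed sample body: one genuine-looking link and two look-alikes.
SAMPLE = (
    '<a href="https://account.live.com/activity">Review recent activity</a>'
    '<a href="https://account.live.com.signin-review.example/login">Review recent activity</a>'
    '<a href="https://account.live.com@signin-review.example/">Review recent activity</a>'
)
```

The button text is identical in all three sample links; only the host in the `href` separates the genuine notification from the copies.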

Once the user enters the credentials, they almost always end up on an error page. This error page tells the user that something is wrong with the credentials and that the request did not go through. It gives the impression that nothing is wrong with the email itself and that the problem must lie with the user's account. The entered credentials are then recorded by the operator of the phishing campaign, and that is how they get access to the user's account.

The process might seem easy, but every time an unusual sign-in activity email arrives, the recipient must take the time to verify that it is valid first.


Featured photo: Calvio / Getty Images