I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my!
Not only is Microsoft holding five emails headed to me, but my “subscription” is expiring on the same day.
The “Unsubscribe” link was just a graphic, no URL. The URL to the main button, “Review All Held Messages results” was linked to the following path (shown below):
That is clearly not Microsoft or microsoft.com. I clicked on it. It took me to:
I immediately got what looked like a legitimate CAPTCHA message:
I am not sure if it was “real” or not, but I answered it. This led to another fake “CAPTCHA” check:
I am not sure why I am getting this second CAPTCHA check, but it was the first time a phish has asked me to prove that I was human. Some of the programming code seemed to be exploring if I was fully patched, but it was changed faster than I could get a copy of it, and I was not shown it again when I visited the website again.
Answering the second (fake) CAPTCHA took me to this link:
This took me to the standard fake O365 login to get my 0365 credentials:
Ultimately, this phishing attempt was mostly to steal 0365 credentials, one of the most popular phishing scams in existence.
I decided to write about this to share what happens with a large percentage of phishing emails, but also, whatever phishing list I am on, they appear to know that my private email domain is handled by Microsoft 0365 (or it could have been a random phishing connection).
I get so many fake 0365 login phishing emails to my personal account that I must be on some phishing list that sells or lists this particular attribute, but I am just speculating.
With KnowBe4 Defend you can:
