One report points to a new phishing campaign being sent to users of Microsoft services. The attack involves an email claiming to warn users about account hacks coming from Russia-supported groups. When the unsuspecting target interacts with the email, the attackers steal log in credentials and other personal information. Cybersecurity firm Malwarebytes discovered the spam email attack pretending to be warning of Russian hacks. These mails also pretend to be from Microsoft, leading with the subject line “Microsoft account unusual sign-in activity.” As for the body of the email, it reads: Unusual sign-in activity We detected something unusual about a recent sign-in to the Microsoft account Sign-in details
Country/region: Russia/Moscow IP address: Date: Sat, 26 Feb 2022 02:31:23 +0100 Platform: Kali Linux Browser: Firefox
A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future. Report the user Thanks, The Microsoft account team
Attack
There is link button in the email to allow users to report the attack. There is also an unsubscribe option, adding more authenticitity to the email. Clicking the link opens a new message with “Report the users” as the subject. As for the recipient, it pretends to be Microsoft account protection services. “People sending a reply will almost certainly receive a request for login details, and possibly payment information, most likely via a bogus phishing page,” Malwarebytes explains. “It’s also entirely possible the scammers will keep everything exclusively to communication via email. Either way, people are at risk from losing control of their account to the phishers. The best thing to do is not reply, and delete the email.” Let’s be honest, this is a back to basics phishing campaign. Even so, Malwarebytes warns the current situation means more users are likely to fall for the scam: “Given current world events, seeing ‘unusual sign-in activity from Russia’ is going to make most people do a double, and it’s perfect spam bait material for that very reason,” researchers say. “[The emails] (deliberately or not) could get people thinking about the current international crisis. Being on your guard will pay dividends over the coming days and weeks, as more of the below is sure to follow.” Tip of the day: Due to the various problems that arise with microphones, it can often be necessary to perform a mic test. Microsoft’s OS doesn’t make it especially intuitive to listen to microphone playback or play the microphone through speakers. In our tutorial we show you how to hear yourself on mic with just a few clicks.