Beware Of Fake Microsoft Account Unusual Sign-in Activity Emails

According to Bleeping Computer, attackers are capitalizing on this by sending emails that pretend to be “Microsoft account unusual sign-in activity” alerts from Microsoft. When compared to the legitimate email notifications sent by Microsoft, they look almost identical with the same information fields and even the same sender address of account-security-noreply@accountprotection.microsoft.com“.


EXPERTS COMMENTS
Corin Imai, Senior Security Advisor ,  DomainTools
August 12, 2019
It’s better to deal with a legitimate problem slightly slower than an illegitimate one promptly.
The most successful campaigns in the phishing world are those which mange to create a ‘call to action’ while seeming totally out of the ordinary at the same time. Receiving unusual sign-in alerts is not an unlikely scenario, and people will be likely to respond to these promptly in order to keep their online accounts safe – particularly for online account such as Microsoft, which are likely to contain personal or sensitive information. The issue is further compounded when we look at the email address used in this phishing attack – [account-security-noreply@accountprotection.microsoft.com] – which does not contain any of the traditional tell-tale signs of a phishing campaign. The best advice for anyone concerned they have been targeted by this campaign is for them to check via a legitimate Microsoft channel whether this request is genuine before acting on it – It’s better to deal with a legitimate problem slightly slower than an illegitimate one promptly.

Join the Conversation

Join the Conversation


In this article