
Cyberattack uses fake Microsoft alert to steal login credentials
Threat actors are sending phishing emails disguised as fake Microsoft Office account security alerts. The notification prompts the user to click on a link to review suspicious activity. If the target follows the instructions, their Microsoft Office account is compromised.
The Microsoft phishing email is crafted to look like a security notification. The subject line informs the reader that there has been a new sign in to their account. To make this attack more believable, the threat actor has spoofed the email domain of the target’s workplace and impersonated Microsoft.
The target is informed that there has been a new login to their Microsoft account. The messaging in the body of the phishing email looks like a typical new login alert – it lists an IP address of the new login and states that a Windows computer was used. The sender’s email address spoofs the victim’s corporate email, says a report by researchers at Abnormal Security. The messaging in the email attempts to scare the user and get them to act quickly to review this suspicious activity. They are instructed to click on a link to review their account.

If the victim clicks on the link in the alert, they are taken to a credential phishing page which uses Microsoft branding and design – which it is not. The victim’s email address is already filled in – making it even easier and faster for the victim to make a mistake. The credential phishing page instructs the user to enter in the Microsoft password. If they do so, their credentials are sent to the hackers and their work account is compromised.
Employees who use Microsoft Office for their work email are frequent targets of cyberattacks. The hackers are looking to gain access to personal data and valuable corporate emails. Once an email account is compromised, the threat actors can then scan emails looking for sensitive work documents, to gain access to financial accounts, or access other private information.

Business Email Compromise Scams
Hacked email accounts are used in Business Email Compromise (BEC) attacks. According the Federal Bureau of Investigations (FBI) BEC scams and accounted for $2.1 billion in losses between January 2014 and October 2019. The hacked email account can also be used to send more malicious emails to other employees with fraudulent requests for payment.
People often use the same username and password combination across multiple online accounts. Actor is able to get your password to your email account they can use that to log into other accounts using the very same password. The hacker can see from your emails what other online accounts you use. Even if you don’t use the same password, the threat actor has access to your email and can send password reset requests to your hacked email account.
How to Spot a Phishing Email
- The sending email address does not match the display name
- Read our guide on how to detect a phishing email
- Phishing email contain malicious links that are cloaked to hide the real landing page
- They may also contain malicious attachments
- Be highly suspicious of any email that urges you to act quickly
- Scrutinize the contents and links in the email. Rather than clicking on the links, go to the website in question directly using a web browser or call customer service