I wanted to share this email that I received today. It’s a sophisticated example of a phishing attack: an email that looks remarkably legitimate and aims to trick you into clicking a link and logging in to what may look like a legitimate site, but is actually a site designed to capture your login credentials. Once captured, the hackers use your credentials to compromise your account and impersonate you. Check out this message…
This is a remarkably well-crafted message. Many users would click on the Click Here link and get caught by this phish. Let’s look at this message more deeply and see how we can tell that it is not legitimate.
When you hover your mouse over the link with the email address, you will see that this is a correct link showing the right email address.
When you hover your mouse over the “Click Here” link, you will see a long URL that is actually malicious. The domain is neither Microsoft nor Office 365, and the link will take you to the compromised web site that will capture your login information and compromise your identity.
Hovering over the “set your Message center preferences” link reveals the same malicious URL.
So does hovering over the Privacy Statement link.
If you have received communication from Microsoft in the past, you may recall that Microsoft’s address is One Microsoft Way, not One Micro Ave. This would be an indicator that this email is not legitimate.
Finally, don’t fall for the “Unsubscribe” trick. You might think that unsubscribing would be a good idea to try to stop these phishing messages. But when you hover your mouse over the unsubscribe link, you will see it links to the same malicious site as all the other bad links.
To summarize, the first link in this email is legitimate; all the rest are not. This is a sophisticated phishing message that looks very real. You simply can’t be too careful. Don’t get caught falling for this attack. Stay safe online!
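The hover checks described above can also be run over a saved copy of a message's HTML body. The following is an added example, not part of the original post: it lists each link's visible text next to the host it really points to and marks hosts outside an expected list. The sample HTML, the placeholder host `portal.bad-host.example` and the `EXPECTED_DOMAINS` list are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains a genuine Microsoft notice would be expected to link to.
EXPECTED_DOMAINS = ("microsoft.com", "office.com", "office365.com")
# Constructed sample reproducing the link layout the post describes.
SAMPLE_HTML = """
<p>Sent to <a href="mailto:user@example.org">user@example.org</a></p>
<p><a href="https://portal.bad-host.example/o365/login?id=123">Click Here</a></p>
<p><a href="https://portal.bad-host.example/o365/login?id=123">set your Message center preferences</a></p>
<p><a href="https://portal.bad-host.example/o365/login?id=123">Privacy Statement</a></p>
<p><a href="https://portal.bad-host.example/o365/login?id=123">Unsubscribe</a></p>
"""

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def host_is_expected(host):
    # Exact or subdomain match only, so "microsoft.com.bad-host.example" fails.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def audit_links(html):
    """Return (text, target, verdict) per link: what hovering would reveal."""
    parser = LinkCollector()
    parser.feed(html)
    rows = []
    for text, href in parser.links:
        url = urlsplit(href)
        if url.scheme == "mailto":
            rows.append((text, url.path, "mailto"))
            continue
        host = url.hostname or ""
        rows.append((text, host, "expected" if host_is_expected(host) else "unexpected"))
    return rows

if __name__ == "__main__":
    print(*audit_links(SAMPLE_HTML), sep="\n")
```

On the sample, the mailto link is reported as such and the other four links all resolve to the same unexpected host, which is the pattern the post summarizes.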