I recently received a Microsoft phishing email in my inbox. The phishing email could appear legit to many recipients, they are designed to trick the victim.

Typically, I do not get a lot of phishing emails on a regular basis and I can’t recall the last time I received one claiming to be from Microsoft.

Microsoft Phishing Email

The Microsoft phishing email informs me there has been unusual sign-in activity on my Microsoft account. The wording used in the Microsoft Phishing Email is intended to scare users into thinking it is a legit email from Microsoft.

The Microsoft phishing email states there has been a sign-in attempt from the following:

• Russia/Moscow
• 103.225.77.255
• Wed, 02 Mar 2022 19:10:47 +0100
• Kali Linux
• Firefox

This information has been chosen carefully by the scammer. Anyone that knows what Kali Linux is used for would probably panic at this point. Kali Linux is used for hacking and is the preferred operating system used by hackers.

After researching the actual IP address stated in the Microsoft phishing email, it appears to be from India. The scammer has made a mistake, i guess he is too lazy to use an actual Russian IP address to make it appear more authentic.

Full Email – Microsoft Outlook Phishing Email

Let’s take a look at the outlook phishing email, appearance-wise it does look like one of the better ones I’ve come across.

Security alert <[email protected]>
Wed 02/03/2022 18:11
Microsoft account
Unusual sign-in activity
We detected something unusual about a recent sign-in to the Microsoft account 
Sign-in details
Country/region: Russia/Moscow
IP address: 103.225.77.255
Date: Wed, 02 Mar 2022 19:10:47 +0100
Platform: Kali Linux
Browser: Firefox
A user from Russia/Moscow just logged into your account from a new device, If this wasn't you, please report the user. If this was you, we'll trust similar activity in the future.
Report The User
To opt out or change where you receive security notifications, click here.
Thanks,
The Microsoft account team

Sign In Attempts – Microsoft Outlook

Microsoft email users can check attempted sign in attempts on their Outlook account. To check sign in attempts choose the Security option on your Microsoft account. Next, select the sign-in activity option on the screen to check the information held.

As shown in the screenshot I have multiple unsuccessful sign-in attempts daily. It’s not something I worry about as I have two-factor authentication set up on the account.

Where To Report Phishing Emails

Reporting phishing emails to Microsoft is easy if you have an outlook account.

To report a phishing email to Microsoft start by opening the phishing email. Next, click the junk option from the Outlook menu at the top of the email.

A drop-down menu will appear, select the report phishing option. A phishing report will now be sent to Microsoft in the background.

Outlook users can additionally block the sender if they receive numerous emails from a particular email address. Generally speaking, scammers will use multiple email addresses so this could be seen as pointless.

Other Phishing Email Reporting Tools

Additionally, Phishing emails can be reported to numerous authorities or directly to your local Police Force.

The National Cyber Security Centre based in the UK investigates phishing websites and emails. To report a phishing email directly to them please forward it to [email protected]

The USA Government Website has a wealth of useful information on reporting phishing and scams to them.

Related information and examples can be found on the following Scam and Phishing categories of our website.

09/08/2022 – Update – Fake Microsoft Email

The Microsoft phishing email is circulating again with the same details as shown above but this time appears to be coming from the following email addresses:

• [email protected] [email protected]
• [email protected] [email protected]

If you have received the latest one please block the senders, delete the email and forget about it.