I recently received a Microsoft phishing email in my inbox. The phishing email could appear legit to many recipients, they are designed to trick the victim.
Typically, I do not get a lot of phishing emails on a regular basis and I can’t recall the last time I received one claiming to be from Microsoft.
Microsoft Phishing Email
The Microsoft phishing email informs me there has been unusual sign-in activity on my Microsoft account. The wording used in the Microsoft Phishing Email is intended to scare users into thinking it is a legit email from Microsoft.
The Microsoft phishing email states there has been a sign-in attempt from the following:
- Wed, 02 Mar 2022 19:10:47 +0100
- Kali Linux
This information has been chosen carefully by the scammer. Anyone that knows what Kali Linux is used for would probably panic at this point. Kali Linux is used for hacking and is the preferred operating system used by hackers.
After researching the actual IP address stated in the Microsoft phishing email, it appears to be from India. The scammer has made a mistake, i guess he is too lazy to use an actual Russian IP address to make it appear more authentic.
Full Email – Microsoft Outlook Phishing Email
Let’s take a look at the outlook phishing email, appearance-wise it does look like one of the better ones I’ve come across.
Security alert <[email protected]> Wed 02/03/2022 18:11 Microsoft account Unusual sign-in activity We detected something unusual about a recent sign-in to the Microsoft account Sign-in details Country/region: Russia/Moscow IP address: 18.104.22.168 Date: Wed, 02 Mar 2022 19:10:47 +0100 Platform: Kali Linux Browser: Firefox A user from Russia/Moscow just logged into your account from a new device, If this wasn't you, please report the user. If this was you, we'll trust similar activity in the future. Report The User To opt out or change where you receive security notifications, click here. Thanks, The Microsoft account team
Sign In Attempts – Microsoft Outlook
Microsoft email users can check attempted sign in attempts on their Outlook account. To check sign in attempts choose the Security option on your Microsoft account. Next, select the sign-in activity option on the screen to check the information held.
As shown in the screenshot I have multiple unsuccessful sign-in attempts daily. It’s not something I worry about as I have two-factor authentication set up on the account.
Where To Report Phishing Emails
Reporting phishing emails to Microsoft is easy if you have an outlook account.
To report a phishing email to Microsoft start by opening the phishing email. Next, click the junk option from the Outlook menu at the top of the email.
A drop-down menu will appear, select the report phishing option. A phishing report will now be sent to Microsoft in the background.
Outlook users can additionally block the sender if they receive numerous emails from a particular email address. Generally speaking, scammers will use multiple email addresses so this could be seen as pointless.
Other Phishing Email Reporting Tools
Additionally, Phishing emails can be reported to numerous authorities or directly to your local Police Force.
The USA Government Website has a wealth of useful information on reporting phishing and scams to them.
09/08/2022 – Update – Fake Microsoft Email
The Microsoft phishing email is circulating again with the same details as shown above but this time appears to be coming from the following email addresses:
If you have received the latest one please block the senders, delete the email and forget about it.