Microsoft phishing scam: how to stay safe

A classic Microsoft password reset scam is doing the rounds. Here's what it looks like and how to report it.

A new Outlook scam is landing in inboxes around the UK.

Victims will see an email popping up in their inbox with the subject line ‘Reset Password in Process’.

This is how it looks:

Outlook scam phishing email about password reset

It reads:

‘Your password reset is in process and your current password will be disable shortly the password reset link will be forward to the new optional email submitted

Ignore this email notification your request will take effect shortly

If you did not request this password reset
Use Cancel Request button to cancel the password and keep your [sic]

This action will take a brief period before this request takes effect
This is a mandatory communication about the service. To set communication preferences for other cases.’

Spelling and grammatical errors are the first thing to look out for, but if you're not sure, check things like the company address. In this instance, the address provided is actually for a Microsoft shop in Seattle that has closed down.

That's dodgy. What comes next?

The text is broken up by a ‘Cancel Request’ button which will take you through to a site which looks like this.

Outlook scam webpage

As much as the webpage itself seems real, the giveaway is in the browser bar.

The green padlock, ‘secure’ and 'https:' make the site appear genuine, but scammers have found ways to mock these features themselves. Read Scams: how spoofing, twitter clones, fake green padlocks and gift card 'fines' could catch you out for more.

It's the url – 'creativboom.id' – and the jumble of characters that follow – which shows this is clearly not from Microsoft.   

Keep yourself safe

Of course, the general advice still stands. Never reply to an email asking for personal information or account information, and don’t click on links or attached files.

If you want to double-check an email’s validity, ring the company on a number that you trust.

Scam emails should be reported to Microsoft though.

The simplest way to do it is to create a new blank email and address the email to junk@office365.microsoft.com or phish@office365.microsoft.com.

Copy and paste the scam into the email as an attachment and click send.

Or if you have the Report Message add-in on Outlook, choose the Report Message button on your screen and you’ll see a few different options:

  • Junk;
  • Phishing;
  • Not junk;
  • Options;
  • Help.

If you pick Junk, Phishing or Not Junk, you’ll have the option to send a copy of the message to Microsoft.

Think you've fallen victim to fraud? Check your credit report for anything suspicious

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.