publishing date icon
February 28, 2023
read time icon
1 min

Hackers trick people by making them believe they have been hacked in order to hack them

Phishing campaign mimicks official Microsoft email and tries to steal credentials by tricking users into believing their account has been hacked.

Hoxhunt

Threat Analyst Team

A new phishing campaign has been discovered that uses an email template similar to Microsoft's official email. The campaign aims to trick users into thinking that their Microsoft account email has been hacked and used as a recovery email address for a random Gmail account.

The email prompts the victim to remove the account as a recovery email by clicking on a button. However, the payload is most likely intended to lead to a Microsoft credential harvester. Although the payload does not load anymore, the attack was still able to convince users to click on the button.

The giveaway that this email is not genuine is the poor resolution of the logo. However, not all users may be able to detect this red flag, making the campaign potentially dangerous.

Off the hook – How to detect the attack and protect your organization from it

It's important to be vigilant when receiving emails from Microsoft or any other service provider. Users should check the sender's email address and look for any suspicious elements in the email. Additionally, hovering over links before clicking can help users identify potentially dangerous URLs.

In conclusion, users should be careful when receiving emails from seemingly reputable companies such as Microsoft. Always double-check the authenticity of the email before clicking any links or buttons. By being vigilant, you can avoid falling victim to phishing campaigns and safeguard both your personal and professional information.

Subscribe to All Things Human Risk

Subscribe to our newsletter for a curated digest of the latest news, articles, and resources on human risk and evolving phishing threats in the ever-changing landscape.

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.