A Sophisticated Phishing Example


I wanted to share this email that I received today. It’s a sophisticated example of a phishing attack: an email that looks remarkably legitimate and aims to trick you into clicking a link and logging in to what may look like a legitimate site, but is actually a site designed to capture your login credentials. Once captured, the hackers use your credentials to compromise your account and impersonate you. Check out this message…

New-Office-365-Phishing-3047459221-1552525451126.png

This is a remarkably well-crafted message. Many users would click on the Click Here link and get caught by this phish. Let’s look at this message more closely and see how we could tell that it is not legitimate.

Email Address

When you hover your mouse over the link with the email address, you will see that this is a correct link showing the right email address.

However…

Click Here

When you hover your mouse over the “Click Here” link, you will see a long URL that is actually malicious. The domain is neither Microsoft nor Office 365, and the link will take you to the compromised web site that will capture your login information and compromise your identity.

Set-Your-Preferences.png

Hovering over the “set your Message center preferences” link reveals the same malicious link.

Privacy-Statement.png

So does hovering over the Privacy Statement link.

Fake-Address.png

If you have received communication from Microsoft in the past, you may recall that Microsoft’s address is One Microsoft Way, not One Micro Ave. This would be an indicator that this email is not legitimate.

Unsubscribe

Finally, don’t fall for the “Unsubscribe” trick.  You might think that unsubscribing would be a good idea to try to stop these phishing messages.  But when you hover your mouse over the unsubscribe link, you will see it links to the same malicious site as all the other bad links.

To summarize, the first link in this email is legitimate; all the rest are not. This is a sophisticated phishing message that looks very real. You simply can’t be too careful. Don’t get caught falling for this attack. Stay safe online!
