Microsoft phishing scam: how to stay safe

Rights, Scams and Politics

Updated on 21 March 2018 | 0 Comments

A classic Microsoft password reset scam is doing the rounds. Here's what it looks like and how to report it.

A new Outlook scam is landing in inboxes around the UK.

Victims will see an email popping up in their inbox with the subject line ‘Reset Password in Process’.

This is how it looks:

Outlook scam phishing email about password reset

It reads:

‘Your password reset is in process and your current password will be disable shortly the password reset link will be forward to the new optional email submitted

Ignore this email notification your request will take effect shortly

If you did not request this password reset
Use Cancel Request button to cancel the password and keep your [sic]

This action will take a brief period before this request takes effect
This is a mandatory communication about the service. To set communication preferences for other cases.’

Spelling and grammatical errors are the first thing to look out for, but if you're not sure, check things like the company address. In this instance, the address provided is actually for a Microsoft shop in Seattle that has closed down.

That's dodgy. What comes next?

The text is broken up by a ‘Cancel Request’ button which will take you through to a site which looks like this.

Outlook scam webpage

As much as the webpage itself seems real, the giveaway is in the browser bar.

The green padlock, ‘secure’ and 'https:' make the site appear genuine, but scammers have found ways to mock these features themselves. Read Scams: how spoofing, twitter clones, fake green padlocks and gift card 'fines' could catch you out for more.

It's the url – 'creativboom.id' – and the jumble of characters that follow – which shows this is clearly not from Microsoft.   

Keep yourself safe

Of course, the general advice still stands. Never reply to an email asking for personal information or account information, and don’t click on links or attached files.

If you want to double-check an email’s validity, ring the company on a number that you trust.

Scam emails should be reported to Microsoft though.

The simplest way to do it is to create a new blank email and address the email to junk@office365.microsoft.com or phish@office365.microsoft.com.

Copy and paste the scam into the email as an attachment and click send.

Or if you have the Report Message add-in on Outlook, choose the Report Message button on your screen and you’ll see a few different options:

  • Junk;
  • Phishing;
  • Not junk;
  • Options;
  • Help.

If you pick Junk, Phishing or Not Junk, you’ll have the option to send a copy of the message to Microsoft.

Think you've fallen victim to fraud? Check your credit report for anything suspicious

Comments

Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.