cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Outlook phishing

OK, this is a new one on me.

 

I got an email in one of my Outlook accounts. It said that a request had been made to cancel that particular Outlook account. Supposedly the email was from Outlook, and it had Microsoft logos and everything. It looked pretty legit, although it sounded really strange that someone would be able to request cancellation of my account.

 

Looking at the headers seemed to indicate that it had come from outlook.com.gr. Why should Microsoft be handling its email accounts out of Greece?

 

Of course it had a link in the body of the message to cancel the cancellation. That showed, on the face of it, that it was at Outlook. However, the link really went to a specific directory and file at https://ia601508.us.archive.org. Looking (carefully) at the link displayed a graphic that seemed to indicate that my account was being deactivated, although it never actually got to the end of its progress bar. And, of course, there was a big red "Cancel Deactivation" button which, when pressed, asked for my password to verify that it was me. Simple phishing, trying to steal my Outlook account.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
rslade
Influencer II

> Keyshawn (Viewer) posted a new reply in Threats on 12-22-2020 01:14 AM in the (ISC)² Community :

> Your submission really means a lot to us, and we hope you will continue
> contributing to this subreddit whether it is in the form of an informative
> post or an opinion piece. Please be sure to have read our Rules of
> Conduct and do not try to circumvent it. That means that any reference to
> 3rd party commercial products/services as a solution is strictly prohibited
> and will result in a permanent ban in this subreddit. Under very exceptional
> circumstances, you may appeal to the ban in a case-by-case basis.

OK, this sounds like a bot, and, since he/it only joined a short while ago, it looks
like a bot as well. Note that, during the pandemic, we have seen a massive
increase in all kinds of spam and fraud and phishing. I had at least three separate
"Amazon Prime" phone robocalls last night (and I have *never* had an Amazon
Prime account). Please be careful, and tell all your friends and family to be
careful, too: the blackhats are out there in force these days.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Although the world is full of suffering, it is also full of the
overcoming of it. - Helen Keller
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468