Email scams

Here's an email a client forwarded to me recently, along with the obvious questions: "Is this a scam? Is this safe?"

From: Outlook account [mailto:[email protected]]
Sent: Friday, February 24, 2017 2:56 AM
To: [email protected]
Subject: You requested we should close your account.

Microsoft account


Dear User,

You recently requested we should discontinue your account.

We want to confirm if this request was made by you.

You are required to confirm if we should continue with the request or not.

Kindly follow directives below:

ABORT ACCOUNT CLOSURE

Sincerely

Microsoft Office365 


I get regular questions about emails similar to these so here’s your free IT lesson for the day.

If you get messages like these, the bad guys out there probably have your email and they’ll just keep coming after you.  Spam filters will catch the worst, but it's always a losing game chasing after the latest techniques. 

The technique behind this variant is called "phishing".  The scammer is attempting one of two things.  The most blatant is to extract logon credentials from you by directing you to a fake login page which purports to be some service you use.  If you don't have multi-factor authentication enabled, the scammers can then easily turn around and log in as you at the real website.  The more insidious would be to redirect you to a webpage which attempts to install software which tracks or controls activity on your computer to gather similar information from any website you visit.

So, it's a scam but how do you tell?
Two items to note in this example:
First is the phony email address, which tries to look official but ends in reply.com.  I had a personal one caught by my spam quarantine that came from an amazonS.com address.  This kind of minor tweak to a real address is a common practice for spoofed emails, and it is especially easy to miss since the sender's address is hidden in many mail clients.  It's more obvious here when you see the full address, which isn't from office365.com or microsoft.com but from office365.reply.com.  The reply.com portion is the true owner of the address and the giveaway that it's faked.

Second, for Office 365 specifically and business emails in particular, this kind of email would go to an administrator and not to a user.  As a user you have no way to delete your own account.
As a general practice, clicking on account login links purportedly emailed from services you use is a bad idea.  It’s always safer to go to the links you have already, or ones you can find via a quick Google search for the official website, and look for notifications there.
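
The first check above (reading the sender's domain from the right-hand end) can be written out as a short Python example. This is an added illustration, not code from any mail product; the trusted-domain list, the function names and the sample sender addresses are assumptions constructed for it.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: the domains this recipient expects the real services to use.
TRUSTED = ("microsoft.com", "office365.com", "amazon.com")


def sender_domain(from_header):
    """Domain of the address in a From: header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify(from_header, trusted=TRUSTED):
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    labels = domain.split(".")
    # Ownership reads right to left: the domain must BE a trusted domain
    # or end in "." + a trusted domain. A brand name on the left proves nothing.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    # A known brand used as a label in front of somebody else's domain,
    # as in office365.reply.com.
    brands = {t.split(".")[0] for t in trusted}
    if brands & set(labels[:-2]):
        return "brand-in-subdomain"
    # Near-miss spelling of a trusted domain, as in amazonS.com.
    # Simplification: the last two labels are treated as the owning domain,
    # which is wrong for suffixes such as co.uk.
    owner = ".".join(labels[-2:])
    if any(SequenceMatcher(None, owner, t).ratio() >= 0.85 for t in trusted):
        return "lookalike"
    return "unknown"


# Constructed sample headers; the local parts and display names are made up.
SAMPLES = [
    "Outlook account <noreply@office365.reply.com>",
    "Amazon <orders@amazonS.com>",
    "Microsoft account <noreply@mail.microsoft.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):20} {header}")
```
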

If in doubt, always verify.  Contact someone you trust and ask their advice if necessary.  Those few moments of time could save you weeks of headaches.

Consultant
Technizent IT Management
303.918.3528


