Microsoft 'Password Expiring' Phishing Scam
November 7, 2022
This is an important alert for all our Microsoft Office 365 users. If you have received an email with a subject line something like, “Office 365 Password About to Expire” claiming that your account’s password is about to expire, this is a phishing scam being sent by cybercriminals and not by Microsoft.
Scammers behind this phishing email seek to trick recipients into believing that the password for their Microsoft Office account is going to expire soon and they need to update this as soon as possible if they wish to avoid any login problems and/or loss of access to the account.
The provided website link is designed to open a fake Microsoft Office account login page on which visitors are asked to enter their email address, current password, new password, and then confirm the new password.
By entering the requested details, users provide their MS Office login credentials to scammers/cyber criminals.
These scammers can misuse stolen accounts to access files, photos, and other personal files/data. Depending on files accessed, cyber criminals could misuse them to make fraudulent purchases and transactions, spread phishing scams like this one further, send malspam, steal identities, etc.
Here’s what the malicious email looks like.
Microsoft users should never click on a link in an email to sign in to their accounts, they should instead, go directly to https://account.microsoft.com/ and sign-in from there. If there is something that needs to be done to the accounts, you will be notified. This will prevent Microsoft users from visiting phishing websites disguised as a legitimate Microsoft website that steals account credentials.