Microsoft “Immediate Verification Process” Phishing Scam

Outline:
Email purporting to be from Microsoft claims that your Microsoft account requires an immediate verification process to avoid termination and you must therefore reply with your password and other personal information.

Brief Analysis:
The email is not from Microsoft and your Microsoft account will not be terminated if you do not reply. The message is a phishing scam designed to steal your Microsoft Account login details and other personal details.



Example:
Dear valued user,Your Microsoft email account requires an immediate verification process to avoid termination. Failure to do this your account will be permanently blocked to help protect your account from fraud or abuse of your important files we are going to permanently block your account if not verified . We know having your account blocked is frustrating , but we can help you get it back easily in one step. Click your reply tab, Fill the columns below and send back to us or your email account will be permanently blocked .Note that your password will be encrypted with 1024-bit RSA keys for your password safety.

* Full Name: ……………………………………………..
* User name:……………………………………………..
* Password:………………………………………………..
* Date of Birth: …………………………………………
* Country Or Territory:……………………………..
* Alternative Email…………………………………..
* Alternative password……………………………..

Warning!!! Account owner that fails to verify his/her account after 48 hours of
receiving this warning will lose his or her account permanently.

You received this email because you subscribed to Microsoft alerts.
This is a non monitored email account. This email was sent by Microsoft
Corporation, One Microsoft Way, Redmond, WA 98052. 2016 Microsoft Corporation.

Thank you for using Microsoft services.

Microsoft Email Verification Scam





Detailed Analysis:
According to this email, which purports to be from Microsoft, your Microsoft email account requires an immediate verification process to avoid termination. The message warns that, if you fail to verify as instructed within 48 hours, your email account will be permanently blocked.

The email instructs you to click “reply” and provide your account username and password along with your name, date of birth, and country. It also asks you to provide your alternative email address and password. The email claims that, when you reply, your password will be encrypted “for your password safety”.

The message is professionally presented and features the Microsoft logo and other graphics.

However, it is certainly not from Microsoft and the claim that your account will be blocked if you do not complete the supposed verification process is untrue. In fact, the email is a phishing scam designed to steal your Microsoft Account login details and other personal information.

If you reply as instructed, online criminals can use the information you supplied to hijack your Microsoft Account. Your Microsoft Account login provides access to a number of Microsoft’s services, including email, Skype, and OneDrive. Thus, once they have gained access, the criminals can use these linked services to launch spam and scam campaigns in your name and conduct other fraudulent activities.

They can also steal any personal information you have stored in the account. They may be able to use this information, along with the personal details they collected from your initial reply, to steal your identity.

Moreover, if you supplied login details for an alternative email account, they can hijack that account as well.

Keep in mind that Microsoft – or any other legitimate company – will never ask customers to reply to an unsecure email with their account passwords and other sensitive information. Despite the claims in the scam email, sending your password via an email reply would certainly not be safe.
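The request pattern described above (blank fields for a password, an instruction to reply, and a deadline threat) can be checked mechanically in a mail filter. The following is an added example, not code from Hoax-Slayer or Microsoft; the function name, the signal names and the regular expressions are assumptions, `SAMPLE` is an abridged copy of the scam email shown above, and `BENIGN` is a constructed message.

```python
import re

# A form-style prompt: a label followed by a dotted or underscored blank to fill in.
FIELD = re.compile(
    r"^[^\w\n]*(?P<label>[A-Za-z][A-Za-z /]{2,30}?)[ \t]*:?[ \t]*[.\u2026_]{3,}[ \t]*$",
    re.MULTILINE,
)
SECRET = re.compile(r"pass\s*word|passcode|\bpin\b", re.IGNORECASE)
REPLY = re.compile(r"\b(?:reply|send (?:it )?back)\b", re.IGNORECASE)
THREAT = re.compile(r"terminat|permanently block|lose .{0,20}account|suspend", re.IGNORECASE)
DEADLINE = re.compile(r"\b(?:within|after)\s+\d+\s*(?:hours?|days?)\b", re.IGNORECASE)

def analyze(body: str) -> dict:
    """Return the signals found in a plain-text email body."""
    fields = [m.group("label").strip() for m in FIELD.finditer(body)]
    secret_fields = [f for f in fields if SECRET.search(f)]
    signals = {
        "blank_fields": fields,
        "secret_fields": secret_fields,
        "asks_reply": bool(REPLY.search(body)),
        "threat": bool(THREAT.search(body)),
        "deadline": bool(DEADLINE.search(body)),
    }
    # Core condition from the article: a password is to be sent back by email reply.
    signals["credential_reply_phish"] = bool(secret_fields) and signals["asks_reply"]
    return signals

# Abridged from the example email on this page.
SAMPLE = """\
Your Microsoft email account requires an immediate verification process to avoid termination.
Click your reply tab, Fill the columns below and send back to us or your email account will be permanently blocked .
* Full Name: ……………………………………………..
* User name:……………………………………………..
* Password:………………………………………………..
* Date of Birth: …………………………………………
* Alternative Email…………………………………..
* Alternative password……………………………..
Warning!!! Account owner that fails to verify his/her account after 48 hours of
receiving this warning will lose his or her account permanently.
"""
# Constructed benign notification: mentions a password but asks for nothing by reply.
BENIGN = """\
Your password was changed on 19 September.
If this was not you, open the account site from your own bookmark and review recent activity.
"""

if __name__ == "__main__":
    for name, body in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, analyze(body))
```

The verdict depends on the combination of a blank secret field and a reply instruction, so a notification that merely mentions a password is not flagged; the threat and deadline signals are reported separately for triage.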

Microsoft phishing scams like this one are very common. A Hoax-Slayer YouTube video covers a similar scam attempt.

It is always safest to log in to your online accounts by entering the address into your browser’s address bar or via a trusted app.

The Microsoft website includes information about such phishing scams and how to report them.




Last updated: September 19, 2016
First published: September 19, 2016
By Brett M. Christensen

References
Phishing Scams – Anti-Phishing Information
Microsoft Outlook ‘Account Exceeded Storage Limit’ Phishing Scam
How to recognize phishing email messages, links, or phone calls