Home ScamsPhishing Scams Microsoft “Immediate Verification Process ” Phishing Scam

Microsoft “Immediate Verification Process ” Phishing Scam

by Brett M. Christensen

Outline:
Email purporting to be from Microsoft claims that your Microsoft account requires an immediate verification process to avoid termination and you must therefore reply with your password and other personal information.

Brief Analysis:
The email is not from Microsoft and your Microsoft account will not be terminated if you do not reply. The message is a phishing scam designed to steal your Microsoft Account login details and other personal details.



Example:
Dear valued user,Your Microsoft email account requires an immediate verification process to avoid termination. Failure to do this your account will be permanently blocked to help protect your account from fraud or abuse of your important files we are going to permanently block your account if not verified . We know having your account blocked is frustrating , but we can help you get it back easily in one step. Click your reply tab, Fill the columns below and send back to us or your email account will be permanently blocked .Note that your password will be encrypted with 1024-bit RSA keys for your password safety.

* Full Name: ……………………………………………..
* User name:……………………………………………..
* Password:………………………………………………..
* Date of Birth: …………………………………………
* Country Or Territory:……………………………..
* Alternative Email…………………………………..
* Alternative password……………………………..

Warning!!! Account owner that fails to verify his/her account after 48 hours of
receiving this warning will lose his or her account permanently.

You received this email because you subscribed to Microsoft alerts.
This is a non monitored email account. This email was sent by Microsoft
Corporation, One Microsoft Way, Redmond, WA 98052. 2016 Microsoft Corporation.

Thank you for using Microsoft services.

Microsoft Email Verfication Scam





Detailed Analysis:
According to this email, which purports to be from Microsoft,  your Microsoft email account requires an immediate verification process to avoid termination. The message warns that, if you fail to verify as instructed within 48 hours, your email account will be permanently blocked.

The email instructs you to click “reply” and provide your account username and password along with your name, date of birth, and country. It also asks you to provide your alternative email address and password. The email claims that, when you reply, your password will be encrypted “for your password safety”.

The message is professionally presented and features the Microsoft logo and other graphics.

However, it is certainly not from Microsoft and the claim that your account will be blocked if you do not complete the supposed verification process is untrue. In fact, the email is a phishing scam designed to steal your Microsoft Account login details and other personal information.

If you reply as instructed, online criminals can use the information you supplied to hijack your Microsoft Account. Your Microsoft Account login provides access to a number of Microsoft’s services including, email, Skype, and OneDrive. Thus, once they have gained access, the criminals can use these linked services to launch spam and scam campaigns in your name and conduct other fraudulent activities.

They can also steal any personal information your have stored in the account. They may be able to use this information,  along with the personal details they collected from your initial reply,  to steal your identity.

Moreover, if you supplied login details for an alternative email account, they can hijack that account as well.

Keep in mind that Microsoft – or any other legitimate company – will never ask customers to reply to an unsecure email with their account passwords and other sensitive information. Despite the claims in the scam email, sending your password via an email reply would certainly not be safe.

Microsoft phishing scams like this one are very common. In the following Hoax-Slayer YouTube video we cover a similar scam attempt:

It is always safest to login to your online accounts by entering the address into your browser’s address bar or via a trusted app.

The Microsoft website includes information about such phishing scams and how to report them.




Last updated: September 19, 2016
First published: September 19, 2016
By Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams – Anti-Phishing Information
Microsoft Outlook ‘Account Exceeded Storage Limit’ Phishing Scam
How to recognize phishing email messages, links, or phone calls

 

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer