UMVA has learned that a cunning phishing scam has been uncovered, where scammers are sending emails from legitimate Microsoft email addresses, duping recipients into divulging sensitive information.
The scam involves crudely constructed messages with spammy links, masquerading as notifications of fraudulent activity on Microsoft accounts or prompting recipients to "verify access account email verification code." Despite the poorly written emails, the scammers' ability to send messages from genuine Microsoft addresses makes them more convincing and increases the likelihood of success.
According to information obtained by UMVA, the scammers are using a sophisticated tactic to gain trust, taking over legitimate email addresses to send their phishing emails. This approach allows them to bypass traditional security measures and directly target unsuspecting victims.
Microsoft has acknowledged receiving a request for comment on the scam, but has not provided a response. However, it is not the only company grappling with this type of scheme. Other businesses have faced similar issues with scammers abusing their legitimate email addresses, highlighting a growing concern for companies and individuals alike.
To spot fake emails from legitimate addresses, experts recommend scrutinizing the message carefully. Hovering over hyperlinks can reveal suspicious URLs, while checking for spelling and grammatical errors can help identify phishing attempts. Additionally, verifying the email's design and tone against the company's standards can help determine its legitimacy.
Sources have confirmed to UMVA that the key to avoiding these scams lies in being vigilant and critically evaluating the emails received. By being aware of the tactics used by scammers and taking steps to verify the authenticity of messages, individuals can protect themselves from falling victim to these types of phishing attacks.