Hackers created fake Outlook login page in phishing drive

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Hackers created a fake Outlook login page to capture the Microsoft account credentials of unsuspecting employees.
  • Such attackers can access troves of information stored on the victim's Microsoft account after stealing their login details.
  • For tips on securing your MS Outlook account, check out the Outlook Security section.
  • Don't hesitate to visit the Outlook page for insights and guides to handling Outlook issues, from crashes to errors.
Outlook password theft

The cloud enables enterprises (big and small) to deploy computing resources cost-effectively, at scale. But as users of Microsoft Outlook, Teams, Excel, and other Office 365 apps have come to realize, the platform has its own perils.

Hacking, which is one of the negative aspects of the cloud, reared its ugly head recently. This time around, hackers targeted Outlook accounts of employees in various organizations, according to an Abnormal Security report.

Phishing attackers used a fake Outlook login page

In this phishing attempt, the attacker sends an email designed to look like it comes from the genuine Microsoft Outlook team.

The email notifies the recipient that their organization expects all employees to migrate to a new MS Outlook web portal.

In addition, it injects a sense of urgency into the communication to compel the target to act faster.

The attacker impersonates an automated notification from the Outlook team on behalf of the recipient’s company. Recipients are urged to “upgrade” their Outlook services within 24 hours, or email deliveries to them will be delayed.

To migrate or upgrade to the new MS Outlook site, the victim has to unwittingly click on a login link that leads to a fake Outlook login page.

Since the attacker controls the fake sign-in portal, they have access to the Microsoft account user credentials that the victim types.

Once the hacker receives the victim’s login details, they can access troves of information stored on the Microsoft account. Similarly, you can’t rule out the possibility of the attacker compromising other accounts associated with the breached Outlook account.

The cloud though isn’t going anywhere despite the persistent hacking threats. But Office 365 users can protect their data and apps with the various security features available on the platform.

In addition, stronger password policies and password security awareness programs can help a great deal.

As always, you can share your opinion or ask any question about Microsoft account security in the comments section below.


More about the topics: Cybersecurity, Office 365