Microsoft Account 'Outlook Web Access' Phishing Scam
OutlineEmail purporting to be from the Microsoft Account Team claims that recipients must click a link to upgrade their email account and set up Outlook Web Access.
© Depositphotos.com/ bloomua
Brief AnalysisThe email is not from Microsoft and the claim that users must click a link to upgrade their email accounts is a lie. The message is a phishing scam designed to trick users into sending their Microsoft account login details to criminals.
Upgrade Your Outlook Web Access (OWA).
From: Microsoft account team
upgrade your email account
To finish setting up this Microsoft account, we just need to make sure you did not loose any messages from your Microsoft Web Access.
Upgrade your email
If the upgrade link did not work click link below, click here to proceed.
The Microsoft account team
According to this email, which claims to be from the Microsoft Account Team, recipients need to click a link in the message to finish setting up their Microsoft account. The message instructs users to click an 'upgrade your email account' link to allow Outlook Web Access and ensure that they do not lose any emails.
However, the email is not from Microsoft and the claim that users must follow a link to upgrade their email account is untrue. Instead, the email is a criminal ruse designed to trick people into giving their Microsoft account details to cybercriminals. Those who fall for the trick and click one of the links as instructed will be taken to a bogus 'Microsoft' website that displays the following login form:
Meanwhile, the criminals responsible for the phishing campaign can use the stolen credentials to hijack the real Microsoft accounts belonging to their victims. A 'Microsoft account' is the new name for what was previously known as a 'Windows Live ID.' The one set of login details can be used to access a number of Microsoft services, and are thus a valuable target for scammers.
Online criminals commonly use such phishing techniques. Be wary of any message that claims that you must click a link or open an attachment to upgrade account details, rectify a supposed account issue, or implement new 'security' measures. If you receive a suspect message, do not click on any links or open any attachments that it contains. Instead, login to your account by entering the address into your web browser or via an official account application.