Today I got the above email in my Hotmail email ID with title reading “Unusual sign-in activity”. I haven’t been to South Africa but I thought some hacker might have been trying from there and I need to change my password immediately. I was about to click on the link, when this struck me. The big blue button on bottom which read “Re-Active Account” is grammatically wrong (spelling mistake for Re-Activate?), but rest of the email looked exactly like the email that comes from Microsoft. On mouse-over to the click-here text which showed a tiny.cc URL as seen above, it became obvious this email is not from Microsoft and is a phishing attack.

A convincing looking email masquerading as from Outlook.com-phishing attack

A convincing looking email masquerading as from Outlook.com-phishing attack

I was curious to see where this attack wants to take me. I fired up a Ubuntu linux image that I keep in VirtualBox. Being a virtual image the entire OS instance I can throw away after I try this, that way my host OS will be safe.  As seen below, the attack page was to a non-Microsoft page which convincingly exact as the official Outlook.com sign in page.

The target page hosting the phishing attack

The target page hosting the phishing attack

Its easy to copy the official login page’s HTML and recreate a new page, but I am surprised on the bluntness of the attackers nowadays. I feel bad that computer scientists haven’t been doing enough to protect the common user from these dangers.

Categorized in:

Tagged in: