Today I got the above email in my Hotmail email ID with title reading “Unusual sign-in activity”. I haven’t been to South Africa but I thought some hacker might have been trying from there and I need to change my password immediately. I was about to click on the link, when this struck me. The big blue button on bottom which read “Re-Active Account” is grammatically wrong (spelling mistake for Re-Activate?), but rest of the email looked exactly like the email that comes from Microsoft. On mouse-over to the click-here text which showed a tiny.cc URL as seen above, it became obvious this email is not from Microsoft and is a phishing attack.
I was curious to see where this attack wants to take me. I fired up a Ubuntu linux image that I keep in VirtualBox. Being a virtual image the entire OS instance I can throw away after I try this, that way my host OS will be safe. As seen below, the attack page was to a non-Microsoft page which convincingly exact as the official Outlook.com sign in page.
Its easy to copy the official login page’s HTML and recreate a new page, but I am surprised on the bluntness of the attackers nowadays. I feel bad that computer scientists haven’t been doing enough to protect the common user from these dangers.