Today I got the above email in my Hotmail email ID with title reading “Unusual sign-in activity”. I haven’t been to South Africa but I thought some hacker might have been trying from there and I need to change my password immediately. I was about to click on the link, when this struck me. The big blue button on bottom which read “Re-Active Account” is grammatically wrong (spelling mistake for Re-Activate?), but rest of the email looked exactly like the email that comes from Microsoft. On mouse-over to the click-here text which showed a tiny.cc URL as seen above, it became obvious this email is not from Microsoft and is a phishing attack.
A convincing looking email masquerading as from Outlook.com-phishing attack
I was curious to see where this attack wants to take me. I fired up a Ubuntu linux image that I keep in VirtualBox. Being a virtual image the entire OS instance I can throw away after I try this, that way my host OS will be safe. As seen below, the attack page was to a non-Microsoft page which convincingly exact as the official Outlook.com sign in page.
The target page hosting the phishing attack
Its easy to copy the official login page’s HTML and recreate a new page, but I am surprised on the bluntness of the attackers nowadays. I feel bad that computer scientists haven’t been doing enough to protect the common user from these dangers.
Hi Venkatarangan,
Read your blog. Interesting. You seem to be a tech geek of some kind. What is your background. I am from Vellore, a couple of hours journey from your beloved city. If you have time, check out my blog mentioned above where I review nonfiction books.
Regards,
Anand
Thanks Anand for the nice words. I am just an ordinary guy, who likes to rant in my blog. Here is my brief profile.
I have been to Vellore when I went to see the Sripuram Golden Temple and enroute to Yelagiri.
You have read lots of interesting books, let me check it out one by one from your blog. All the best.