Hackers are trying to use Iran’s recent warning of a cyber attack to collect Microsoft login credentials for cyber fraud. As tensions between the United States and Iran grow, the U.S. government warns that Iran may launch a cyberattack on critical infrastructure. In such a situation, an attacker lied that he originated from “Microsoft MSA” and sent an email with the subject “Email users hit by Iran cyber attack” and lied that Microsoft server was attacked by Iranian network to conduct the network Fraud.
The phishing email also wrote: In order to respond to this attack, Microsoft will lock the mail and data on the server to protect users from harm. If they want to gain access to the locked user’s data again, the user needs to log in again.
According to the user who received the phishing email, Michael Gillett, he found that the message could bypass Outlook’s spam filter and reach the recipient’s mailbox.
The following is the message content
Microsoft servers have been hit today with an Cyber Attack from Iran Government
For your seifty and security we had to take extra mesures to protect your account and your personal data.
Some emails and files might still be locked on our servers, in order to get full access to your emails and files you have to signin again.
If you still have problems receiveing emails please be patient, our support team is working on this issue and we will fix this as soon as possible.
If the recipient clicks the “Restore Data” button, they will be returned to the fake Microsoft login page, but as you can see from the URL, this is not a legitimate Microsoft site.
If the user enters login credentials, the user information will be stolen by the attacker and subjected to other network attacks, and these attacks may include targeted network fraud, credential filling attacks, and data theft.
Therefore, when you receive a strange email and ask to log in to your account to perform an operation, you need to be vigilant. If you have any questions, you can contact the network or email account, administrator. In addition, users should also check the URL of any login page, including the Microsoft login form, and legitimate login forms are posted on Microsoft.com, live.com, and outlook.com domains.