Phishing attacks aren’t slowing down, but they have in many cases become easier to spot. The problem is there are also plenty of cybercriminals working to make these scams indistinguishable from the real thing.
Case in point, some phishing emails are putting far more effort into looking like the genuine article.
You might not think it’s possible for you to fall victim if you’re paying close attention to small details like the sender field. But what if scammers were able to make an email look like it came directly from you? That’s exactly what’s happening to Outlook users with this scary new scam.
Trust no one — not even yourself!
According to a new security alert from researchers at Sophos Labs, a new breed of scam email is targeting Outlook users with scary efficiency. If you happen to get this message and interact with it, you could end up losing your Outlook account as well as any private emails you’ve sent and received.
What makes this particular scam so bad is how it obscures its origins. Due to tricky design, the email purports to be an automated message from your own Outlook account saying that previous emails you’ve sent weren’t delivered. If you scroll through the message, you’ll also see vaguely threatening information on what might happen if you fail to act.
Clicking on the links in the message will take you to a dangerous scam site that asks for your Outlook login credentials. This is where the people behind the scam steal your information and make off with your account data. And to make matters worse, the link included in the email appears to go to a legitimate Outlook domain.
What gives? Are these hackers actually making your email system glitch up? As it turns out, all you’re falling for is a bit of digital sleight-of-hand.
Looking out for Outlook
Outlook’s design makes it difficult to see the sender field of the message unless you change the default settings. Combined with a structure that makes the message look automated and official, it’s no surprise that this scam email is tricking people.
But that’s not the only sketchy part of this message. In the phishing link included (with the legitimate-looking domain), you see that the link appears to go one place but actually takes you somewhere else. This is because the link isn’t actually a link that shows the URL, but simply blue text with a description typed out (much like the links in this very article).
Thankfully, there are a few steps you can take to poke holes in messages like this before you fall for them.
- First things first, always be skeptical about any emails that try to pressure you into sharing or resetting your account information. Microsoft will never threaten you with financial consequences should you fail to change your password, for example.
- Second, even if you can’t see the sender field, you can tell if a link is fake just by hovering your mouse over it. If the actual destination you see doesn’t match what’s written in the link itself, that’s a huge red flag for scams and phishing.
- Overall, the best way to protect yourself from scams like this is to stay vigilant. This means avoiding opening emails from unknown senders, verifying with contacts that they actually sent you an attachment and never clicking on external links from emails unless they go somewhere familiar.
Here are a few other important steps to keep yourself from getting duped:
- Always use complex, sophisticated passwords. Never reuse them between different accounts.
- Always be cautious with messages from unknown senders and check every URL closely by hovering over it without clicking.
- When in doubt, always navigate to trusted websites manually in a new tab or window instead of clicking any links.
And speaking of passwords, make sure to take time and check that your password is as secure as possible. For maximum security, we strongly recommend enabling two-factor authentication.