Skip to Content
© Rafael Henrique |
Security & privacy

Have a Gmail or Hotmail account? Microsoft says to keep your eyes out for this scam

Scammers have been employing sneaky tactics to get at your information and finances since the internet first arrived. Email is among the oldest vehicles for bad actors to ply their trade, and they’re still at it decades later.

A scammer can pose as a company or service you know to earn your trust and trick you into handing over whatever they ask for. This is known as phishing and it’s a serious problem. As if that’s not enough, crooks are sending emails that prompt users to dial a phone number and connect with more crooks. Tap or click here to learn more about voice phishing or vishing scams and how to avoid them.

Now, Microsoft is warning Office 365 users about a phishing scam with email links that can redirect victims from a real site to a malicious one.

Here’s the backstory

A recent Microsoft blog post describes a scam that uses redirects to trick potential victims into handing over personal information. These open redirects appear to be legitimate but will actually lead to spoofed sites.

Hovering your mouse over the link will show a real domain name you may know and trust. Click on it, and you’ll be taken to a malicious site or page, however. Once there, you can be prompted to enter your credentials, or malware can be triggered to download to your device.

Tap or click here to see how scammers used open redirects in Google Meet to target their victims.

In this case, the phony email is masquerading as an official one from Microsoft Office 365 and Zoom. Users who click on the embedded links are sent to a Captcha page, making things seem even more legitimate.

Once the victim gets past that, they are taken to a login page with their email address already filled in. More trickery. They enter their password and now the scammer has their credentials.

Microsoft says it’s observed more than 350 unique phishing email domains used in this scam so far.

Shield yourself from attack

Microsoft Defender for Office 365 can detect email threats and using AI and machine learning. You can check out Microsoft’s recommended settings to get its phishing protection.

Here are some more steps you can take to limit your exposure to phishing scams:

Keep reading

This clever fake UPS email takes phishing scams to a whole new level

Update your PC! Windows users open to a scary new ransomware attack

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started