Beware of Fake "Microsoft Account Unusual Sign-in Activity" Emails

Distinguishing legitimate emails from scam emails can be tricky, especially when phishing attempts closely mimic trusted sources like Microsoft.

What is the scam about?

With companies like Microsoft and Google regularly sending notifications for unusual activity on accounts, users might not think twice when receiving these alerts. Cyber criminals are taking advantage of this by sending emails that look almost identical to genuine Microsoft notifications, claiming there’s been unusual sign-in activity.

How they do it:

The email format mimics Microsoft’s, including the same layout and information fields, which makes it even harder to spot the difference. The dangerous part is the link to “review recent activity,” which, instead of directing you to Microsoft’s official site, leads to a fake page that requests your login details.

How to stay safe:

  1. Verify the Source: Before clicking any links, always double-check the email sender’s address. Never click on anything that you don’t recognise or can’t identify exactly.
  2. Don’t Rush: Phishing emails often try to make you feel anxious or rushed. Take your time to review the message for any suspicious signs, such as odd grammar or a non-personal greeting.
  3. Use Two-Factor Authentication (2FA): Always enable 2FA on your accounts for extra protection. Even if someone gets your password, they won’t be able to access your account without the second verification step.