A new phishing scam attempts to use the possible Iranian-backed cyber attack scare to harvest user Microsoft login credentials. According to Michael Gillett, who received the phishing email and shared it, the email was capable of bypassing spam filters and arriving in his mailbox. To take advantage of the increased Iranian tension, an attacker created an alert that looks quite authentic at first glance and pretends to be from “Microsoft MSA.” The email states that the Microsoft servers have been hit by attackers and users must re-login to be able to use the Microsoft services. The full text of the email, which desperately needs a spell check, is:
Microsoft servers have been hit today with a Cyber Attack from Iran Government For your seifty and security we had to take extra mesures to protect your account and your personal data. Some emails and files might still be locked on our servers, in order to get full access to your emails and files you have to signin again. If you still have problems receiveing emails please be patient, our support team is working on this issue and we will fix this as soon as possible. Restore Data.” If a recipient clicks on the “Restore Data” button they are redirected to an attacker-controlled site that asks for login credentials. When examining the hosting URL, it is not a legitimate Microsoft landing site.