Don’t Fall For This Password Reset Scam
Key points in this article:
- Cybercriminals are posing as Microsoft in a new password reset email scam
- Never give out private information in an email, no matter who is requesting it
- Find out how this scam works so you can defend yourself
Don’t Let Cybercriminals Steal Your Microsoft Account Password
The Palindrome Consulting team has recently identified an uptick in password reset scam emails. Do you know how to spot one of these emails?
How This Password Reset Scam Works
While the email may look legitimate at first glance, it’s a scam. It claims to have been sent by Microsoft, but it’s the work of cybercriminals. A key signifier is that it comes with an attachment.
How To Spot A Scam Email
This email is a prime example of phishing. Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Virtually anyone on the internet has seen a phishing attack.
Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites, or include malware as an attachment.
Here are 5 signs that an email may be a phishing attempt by a cybercriminal:
Incorrect Domain
Before even looking at the body of the message, check out the domain in the sender’s address. Maybe they claim to be from your bank, or a big-name company—but talk is cheap. The domain may be almost correct, but not 100% correct.
Spelling and Grammar
Keep an eye out for any typos or glaring errors when reading a suspicious email. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.
Specificity
Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as “Valued Customer” – this allows them to use the same email for multiple targets in a mass attack.
Urgent and Threatening
If the subject line makes it sound like an emergency—“Your account has been suspended”, or “You’re being hacked”—that’s another red flag. It’s in the scammer’s interest to make you panic and move quickly, which might lead to you overlooking other indicators that it’s a phishing email.
Attachments
Phishers will often try to get you to open an attachment. If you see an attachment in combination with any of the above indicators, it’s only more proof that the email is likely part of a phishing attempt.
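For mail administrators, four of the five signs above (domain, specificity, urgency, attachments) can be checked automatically; the spelling check is left out. The sketch below is an added example, not code from Palindrome Consulting or Microsoft, and the trusted domain, phrase lists, 0.8 similarity threshold and sample message are all assumptions constructed for illustration.

```python
import difflib
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions for this sketch: the brand's real domain and the phrase lists.
TRUSTED_DOMAIN = "microsoft.com"
GENERIC_GREETINGS = ("valued customer", "dear customer", "dear user")
URGENT_PHRASES = ("suspended", "immediately", "urgent", "being hacked")

def phishing_signs(raw_email):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email, policy=policy.default)
    signs = []
    # Incorrect domain: almost the trusted domain, but not an exact match.
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    similarity = difflib.SequenceMatcher(None, domain, TRUSTED_DOMAIN).ratio()
    if domain != TRUSTED_DOMAIN and similarity >= 0.8:
        signs.append("lookalike domain: " + domain)
    # Urgent and threatening: alarm words in the subject line.
    subject = str(msg.get("Subject", "")).lower()
    if any(phrase in subject for phrase in URGENT_PHRASES):
        signs.append("urgent subject")
    # Specificity: a generic salutation in the plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(greeting in text for greeting in GENERIC_GREETINGS):
        signs.append("generic greeting")
    # Attachments: any attached part counts as a sign.
    if any(True for _ in msg.iter_attachments()):
        signs.append("has attachment")
    return signs

def build_sample():
    """Constructed sample message (not a real email) that shows all four signs."""
    m = EmailMessage()
    m["From"] = "Microsoft Support <security@rnicrosoft.com>"
    m["Subject"] = "Your account has been suspended"
    m.set_content("Dear Valued Customer,\nOpen the attached form to reset your password.\n")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="reset.htm")
    return m.as_string()

if __name__ == "__main__":
    print(phishing_signs(build_sample()))
```

A message that trips several signs at once is a good candidate for quarantine or a warning banner; a single sign, such as an attachment alone, is not conclusive.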
Why Is Phishing Dangerous?
First of all, it’s prevalent. At the start of last year, Google had registered 2,145,013 phishing sites, a drastic increase from 1,690,000 the year before.
Furthermore, the average phishing attack costs businesses $1.6 million. The problem with the rising tide of cybercrime incidents is that you get desensitized to the whole thing.
Lastly, the fact is that businesses aren’t learning to protect themselves, which is why the number of reported phishing attacks has gone up by 65% in the past few years, and by 47% in the first quarter of 2021 alone.
Don’t Become A Victim Of The Cyber War
In the end, the key to phishing methodology is that it doesn’t rely on digital security vulnerabilities or cutting-edge hacking technology; phishing targets the user, who, without the right training, will always be a security risk, regardless of the IT measures set in place.