Microsoft Accounts Targeted by Russian-Themed Credential Harvesting

Malicious emails warning Microsoft users of “unusual sign-on activity” from Russia are looking to capitalize on the Ukrainian crisis.

While legitimate concerns abound about the Russian-Ukrainian conflict sparking a far-reaching cyberwarfare conflagration around the globe, small-time crooks are also ramping up their efforts amid the crisis. Phishing emails to Microsoft users warning of Moscow-led account hacking have started to make the rounds, looking to lift credentials and other personal details.

That’s according to Malwarebytes, which uncovered a spate of spam email that name-checks Russian hacking efforts. The subject line for the messages is “Microsoft account unusual sign-in activity,” researchers noted.

The body reads:

Unusual sign-in activity

We detected something unusual about a recent sign-in to the Microsoft account

Sign-in details

Country/region: Russia/Moscow

IP address:

Date: Sat, 26 Feb 2022 02:31:23 +0100

Platform: Kali Linux

Browser: Firefox

A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future.

Report the user

Thanks,

The Microsoft account team

The emails then provide a button to “report the user,” and an unsubscribe option, according to Malwarebytes’ Tuesday analysis.

Read More: https://threatpost.com/microsoft-accounts-targeted-russian-credential-harvesting/178698/