In the following example I’m describing, it leads to a web site which I do not want you to visit.
I’ve gotten now a second email from Microsoft.
Here is the latest one:
Unusual Sign-in activity
We detected something unusual about a recent sign-in to Microsoft account
Sign-in details
Country/region: Unted State
IP address: 107.170.166.118
Platform: Mac OS
Browser: Chrome
Please go your recent activity page to let us know whether or not this was you . If this wasn’t you. we’ll help you secure your account. we’ll trust similar activity in the future.
Review recent activity
The Microsoft Security Essentials
Microsoft Team office Center
all rights reserved © 2020
The view account information leads to http://office365-online.myvnc.com/cutomer/portal/ Don’t go here!
Firefox reports:
Deceptive site ahead
Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.
Advisory provided by Google Safe Browsing.
I was curious, as the email address apparently said or a similar address, but we know that this can’t be the case.
The email does look very authentic, and this is what will get people. As someone who is curious on what the trend is, I only click to look, nothing more. Having Firefox on your side is great, as they may see this and mark it bad as Google does, through their safe browsing feature. Thats awesome, Google!
Make sure to check your links.This email and another one came to us through our contact at menvi.org’s email address.
Here are the headers:
imap://menvi-webmaster%40menvi%:143/fetch%3EUID%3E.INBOX%3E43967
Return-Path: <>
Received: from cp1-benor.nocwest.net
by cp1-benor.nocwest.net with LMTP
id Nbd7Bi3Yh159JwAAIyXCCQ
(envelope-from <>); Fri, 03 Apr 2020 20:43:25 -0400
Return-path: <>
Envelope-to:
Delivery-date: Fri, 03 Apr 2020 20:43:25 -0400
Received: from static.26.106.130.94.clients.your-server.de ([94.130.106.26]:33651 helo=thindra1.info)
by cp1-benor.nocwest.net with esmtp (Exim 4.93)
id 1jKWuB-0002bW-1m
for ; Fri, 03 Apr 2020 20:43:25 -0400
Subject: Microsoft account unusual sign-in activity
From: Microsoft account teamno-reply@microsoft.com
Reply-to: no-reply@microsoft.com
To:
Content-Type: text/html; charset=us-ascii; boundary=CMF8FBR06Z2XNQEBJOR4.1200369.CMF8FBR06Z2XNQEBJOR4
Nice going guys, wanna try something I’ve not seen? Problems with an account that is a forwarder and on the proper server that is working isn’t going to fool me or my team any.
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.