https://files.facepunch.com/forum/upload/2014/e1173682-4e56-4fa7-8b6c-338d823298b7/unknown-2.png
It's weirdly worded, very weirdly, but I know for a fact that the address it came from is the legitimate one, and that verification mark is there. All the links in there also lead to account.live.com which is Microsoft's domain.
I use two step verification for my account by all means including the Microsoft account app on my phone and I received no alerts anywhere.
I went ahead and changed my password, not using any links from the email, but nothing anywhere else said anything was wrong.
So is this fake with some really good email spoofing and it's sending me into a panic for nothing, or has someone somehow got ahold of my shit?
I feel stupid for asking, but better safe than sorry since Googling it is giving me incredibly conflicting results.
View the source of the email and look at where that button, or any of the text links, point to.
If it takes you to a valid Microsoft domain, then that's really weird but not phishing.
If it points to a random ip address or to some bullshit like "microsoft.com.weirdsite.definitelynotmicrosoft.ru" then yeeeah
As I said, they all pointed to valid Microsoft domains. The URL in my URL bar when I went and changed my password for safety (not using any links in that email) it was the same one, with the exception that "proofs" in the email was spelled as "Proofs" instead, and I didn't think that would make a huge difference.
Everything matches the emails I got when I changed my password.
Rule of thumb for me - whenever you get any email like this just go and log in to the service manually without clicking any links on the email.
Yeah, someone else pointed out to me that one of the links, while goes to account.live.com, is also a mile long with a bunch of nonsense tacked onto the end, as so:
https://files.facepunch.com/forum/upload/2014/355c243f-0fca-4382-91c4-3b2ca05c96e1/image.png
(from the view source)
That's something that no other link in legit Microsoft emails are doing, and I'm not sure if the theory is correct that it causes a redirect because I'm not about to click it and find out, but that's what it smells like.
@Archival That's what I immediately did, I went through the site itself instead of clicking any of those links. No login activity except me, but I got paranoid anyhow.
It's... probably fake, yeah. I just freaked out because getting my accounts hacked into is one of my biggest fears, I legit have nightmares about that shit so I just really wanted to make sure.
As long as you have 2FA its effectively impossible for someone to hijack an account without you supplying the code (that being the exact thing this email would have asked you for)
I figured as much, seeing as how my phone didn't blow up about anything. Just holy shit. Way to dig into my extreme fear.
Fucking giving me a heart attack is what these scammers are doing.
What I just really want to know is how they're getting away with using an actual Microsoft domain in the links and spoofing the email so well that Outlook thinks it's legit, giving it the verification marker and everything.
Yeah, see that's the kind of shit you look out for when you get a convincing but unexpected email urging you to stop someone from immediately taking control of your account. They want to scare you into acting hastily. The more time you have to think about it, the less likely it'll work. But they wouldn't do it if it didn't work on enough people to make it worth it.
Going straight to your account instead of trusting the contents of the email is always the best bet, so good thinking there.
Sorry, you need to Log In to post a reply to this thread.
