BEWARE THE FAKE LOGIN

Most people will be familiar with the concept of linking something to your Facebook login. Many sites offer you the opportunity to login using your Facebook account.

Scammers use this concept to farm credentials for other sites.

 

One we have started seeing more often is a request to verify something using your Outlook or Office 365 details. The common hook is asking you to verify who you are so you can access a file you have been sent. Often the email is claiming to be from Dropbox, but other providers are also being used for this scam.

Once they have your email login they will access your account. Ransomware emails will be sent to all your contacts within minutes. Those emails will come from your account, with your full signature on them. Hundreds of your contacts can be emailed in minutes.

NOTE: Microsoft do not allow any other organisations to link to your Outlook/Office 365 credentials.

All the links in the screen shots below are fakes.  Their purpose is to steal your credentials.

 

 

In another case the original email looked like this:

 

 

If you are ever asked to use your Office 365/Outlook login credentials to access anything other than Office 365, you are most likely dealing with a fake.