Once cybercriminals have gotten their potential victims’ account credentials (usernames and passwords), they will use it to hijack their Microsoft accounts and use them fraudulently. Therefore, recipients of the phishing email message (see below) who were tricked into clicking on the link within it and have attempted to sign into the phishing or fake website that they were taken, are asked to change their Microsoft account passwords immediately, before they are hijacked and used fraudulently by cybercriminals.
The "Outlook Group - New Message" Phishing Scam
Date: 23 January 2017 18:15:30 GMT
Subject: Outlook Group - New Message (ID: 54L3)
Hotmail upgrading e-mail account – [email address removed]
We have recently upgraded all our customer e-mail addresses to the new Outlook.com. Due to this your Hotmail e-mail account needs to be re-activated.
You can do this by just simply logging in on the link below:
If your e-mail account is not activated within 2 working days it may expire.
This is a compulsory process that affects all our customers.
Thank you for your support,
The Microsoft Security team 2017
Microsoft users should never click on a link to sign into their accounts, they should instead, go directly to https://account.microsoft.com/ and sign-in from there. If there is something that needs to be done to their accounts, they will be notified. This is will prevent Microsoft users from visiting phishing websites disguised as legitimate Microsoft website that steal account credentials.