Outlook users, beware of phishing email messages like the one below, which claim the recipients' email account will expire or block from sending and receiving emails if they do not confirm within 24 hours. The phishing email messages have been created by cybercriminals to frighten and trick the recipients into clicking on the link within it, by claiming they need to do so in order to prevent deactivation. But, the link goes to a phishing website or a fake website looking like Microsoft’s website, created by the same cybercriminals, to trick potential victims into entering their Microsoft account usernames and passwords on it, by asking them to sign in. But, any attempts to sign into the phishing or fake website will result in the victims’ Microsoft account usernames and passwords being sent to the cybercriminals.
Once cybercriminals have gotten their potential victims’ account credentials (usernames and passwords), they will use it to hijack their Microsoft accounts and use them fraudulently. Therefore, recipients of the phishing email message (see below) who were tricked into clicking on the link within it and have attempted to sign into the phishing or fake website that they were taken, are asked to change their Microsoft account passwords immediately, before they are hijacked and used fraudulently by cybercriminals.
The "Microsoft Outlook Update" Phishing Scam
From: 0utlook® email@example.com
Sent: February 26, 2017 10:43 PM
Subject: Microsoft Outlook Update
Your e-mail will expire soon.You would be blocked from sending and receiving emails if not confirmed within 24hrs of receiving this automated mail. Update through the link below to avoid deactivation.
Thanks for using our Outlook!
This e-mail may contain information that is privileged and confidential. If you suspect that you were not the intended recipient, please delete it and notify the sender as soon as possible.
Microsoft users should never click on a link to sign into their accounts, they should instead, go directly to https://account.microsoft.com/ and sign-in from there. If there is something that needs to be done to their accounts, they will be notified. This is will prevent Microsoft users from visiting phishing websites disguised as legitimate Microsoft website that steal account credentials.