Once cybercriminals have gotten their potential victims’ account credentials (usernames and passwords), they will use it to hijack their Microsoft accounts and use them fraudulently. Therefore, recipients of the phishing email message (see below) who were tricked into clicking on the link within it and have attempted to sign into the phishing or fake website that they were taken, are asked to change their Microsoft account passwords immediately, before they are hijacked and used fraudulently by cybercriminals.
The "Microsoft Outlook Web Access 2018" Phishing Scam
From: Mohr, Katie <firstname.lastname@example.org>
Posted: Monday, July 16, 2018 2:18 pm
Subject: REQUIREMENT REQUIRED
Today, July 16, 2018. Your email will be migrated to our new email system - 2018 Outlook Web Access. You must update your email account immediately to avoid service interruptions.
Just click on the link below, update your profile and submit.
CLICK AND UPDATE
This will result in no change of your messages being changed. Failure to complete this procedure will turn your account off.
Thanks for your cooperation.
IT help desk.
Microsoft users should never click on a link to sign into their accounts, they should instead, go directly to https://account.microsoft.com/ and sign-in from there. If there is something that needs to be done to their accounts, they will be notified. This is will prevent Microsoft users from visiting phishing websites disguised as legitimate Microsoft website that steal account credentials.