While the is a real war being fought in Ukraine following Russia’s decision to invade a sovereign nation, there is also a cyber war happening. Russian threat actors and hackers from the West are targeting each other during the conflict. However, the invasion has allowed small time attackers to also enter the fray to take advantage of the current situation.
One report points to a new phishing campaign being sent to users of Microsoft services. The attack involves an email claiming to warn users about account hacks coming from Russia-supported groups. When the unsuspecting target interacts with the email, the attackers steal log in credentials and other personal information.
Cybersecurity firm Malwarebytes discovered the spam email attack pretending to be warning of Russian hacks. These mails also pretend to be from Microsoft, leading with the subject line “Microsoft account unusual sign-in activity.”
As for the body of the email, it reads:
Unusual sign-in activity
We detected something unusual about a recent sign-in to the Microsoft account
- Country/region: Russia/Moscow
- IP address:
- Date: Sat, 26 Feb 2022 02:31:23 +0100
- Platform: Kali Linux
- Browser: Firefox
A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future.
Report the user
The Microsoft account team
There is link button in the email to allow users to report the attack. There is also an unsubscribe option, adding more authenticitity to the email. Clicking the link opens a new message with “Report the users” as the subject. As for the recipient, it pretends to be Microsoft account protection services.
“People sending a reply will almost certainly receive a request for login details, and possibly payment information, most likely via a bogus phishing page,” Malwarebytes explains. “It’s also entirely possible the scammers will keep everything exclusively to communication via email. Either way, people are at risk from losing control of their account to the phishers. The best thing to do is not reply, and delete the email.”
Let’s be honest, this is a back to basics phishing campaign. Even so, Malwarebytes warns the current situation means more users are likely to fall for the scam:
“Given current world events, seeing ‘unusual sign-in activity from Russia’ is going to make most people do a double, and it’s perfect spam bait material for that very reason,” researchers say. “[The emails] (deliberately or not) could get people thinking about the current international crisis. Being on your guard will pay dividends over the coming days and weeks, as more of the below is sure to follow.”
Tip of the day: Due to the various problems that arise with microphones, it can often be necessary to perform a mic test. Microsoft’s OS doesn’t make it especially intuitive to listen to microphone playback or play the microphone through speakers. In our tutorial we show you how to hear yourself on mic with just a few clicks.