Wednesday March 2, 2022

The cybersecurity incidents are coming fast and furious, folks.

The conflict with Russia and Ukraine has produced the busiest and riskiest cybersecurity environment I have ever seen.

There is a new notice out today that I want to make everyone aware of related to the work we’ve been doing to block traffic from Russia, Ukraine, and Belarus to and from your networks.

This is a PHISHING email that is designed to look like it’s coming from Microsoft to alert you that there has been a login to your account from Russia.

Here is what to look for:


Subject: Microsoft account unusual sign-in activity

Unusual sign-in activity

We detected something unusual about a recent sign-in to the Microsoft account

details

Country/region: Russia/Moscow

IP address: XXX.XXX.XXXX

Date: Sat, 26 Feb 2022 02:31:23 +0100

Platform: Kali Linux

Browser: Firefox

A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future.

Report the user


The Microsoft account team



Here are the details:

The mail provides a button to “report the user”, and an unsubscribe option.

Should the recipient click the button, they’re not forwarded to a report page.

Instead, it’s a mailto: URI, which opens a fresh email with a pre-filled message to be sent to a specific email account.

People sending a reply will almost certainly receive a request for login details, and possibly payment information, most likely via a bogus phishing page.

It’s also entirely possible the scammers will keep everything exclusively to communication via email. 

Either way, people are at risk of losing control of their accounts to the phishers. 

The best thing to do is not reply and delete the email.
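
A defensive check for the behaviour described above, added here as an example and not part of the original notice: it parses a message's HTML body and reports any link or button whose target is a mailto: URI, together with its pre-filled fields and any recipients outside the sender's domain. The function names and the sample addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_mailto_buttons(raw_message):
    """Flag links that open a pre-addressed email instead of a web page."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    html_parts = (p for p in msg.walk() if p.get_content_type() == "text/html")
    for part in html_parts:
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            url = urlsplit(href.strip())  # urlsplit lowercases the scheme ("Mailto:" matches)
            if url.scheme != "mailto":
                continue
            recipients = [r.strip().lower() for r in unquote(url.path).split(",") if r.strip()]
            # prefilled: the reply is already written; off_domain: it leaves the From domain
            findings.append({
                "label": text, "recipients": recipients,
                "prefilled": sorted({k.lower() for k in parse_qs(url.query)} & {"subject", "body"}),
                "off_domain": [r for r in recipients if r.rpartition("@")[2] != sender_domain],
            })
    return findings

# Constructed sample modelled on the email above; every address is a placeholder.
SAMPLE = (
    "From: Microsoft account team <no-reply@sender.example>\nContent-Type: text/html\n\n"
    '<a href="Mailto:report@collector.example?subject=Report%20the%20user&amp;body=Hi">'
    'Report the user</a> <a href="https://sender.example/u">Unsubscribe</a>'
)
```

A legitimate notification can also contain a mailto: link, so treat a finding as a reason to review the message, with pre-filled fields and an off-domain recipient raising the priority.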

***** If you leverage our Ironscales platform, we are working with them to report on and block these phishing attempts. *****

I encourage you and everyone in your company to be extra diligent about what they click on.

The number of malicious links spreading around the internet is ramping up quickly.

BE SUSPICIOUS of everything.

Encourage your teams to send us a support ticket if they see any of these emails or websites.

DO NOT forward these emails to us unless we specifically ask you to do so.

Thank you.


Ross Brouse
President – Continuous Networks

