|Subject:||Unusual sign-in activity|
Unusual sign-in activity
We detected something unusual about a recent sign-in to the Microsoft account firstname.lastname@example.org.
Date: 1/19/2018 12:35 AM (PST)
Please go to your recent activity page to let us know whether or not this was you. If this wasn’t you, we’ll help you secure your account. If this was you, we’ll trust similar activity in the future.
Scam alert! The E-mail above is a SCAM. It’s a Phishing scam, trying to get your Blockchain.info wallet details by luring you to a fake wallet website. To probably steal any cryptocurrency they can get. The message and site is all fake. Be warned!
If you’ve received this by e-mail than mark it as SPAM (if possible) and/or DELETE it. Please comment below if you have received this message but with a little difference etc.
Tracing the links in this phishing e-mail
Notice that the e-mail address spammed here (displayed in the e-mail contents wasn’t a Microsoft address so no clue why this was mentioned.
Also the fact that the e-mail address owner worked on Windows and Chrome is fake (guessed).
The link (for security reasons disabled in the e-mail above!) leads to the following webpage: hyalual.delivery/mic/a163.php This domain has been registered in 2015 and the website was probably hacked to install this redirect-script.
Visitors are redirected by this script to: cola.mail-qq.eu/bbl1/check1.php The domain mail-qq.eu was recently registered (dec 25, 2017) so seems suspicious, but .eu-whois doesn’t show owner details (for privacy reasons) except the fact the domain-owner is from Italy and has the following e-mail address: email@example.com
The weblink shows a fake login screen asking for your blockchain.info wallet account. All displayed menu items/links didn’t work at all. It’s all fake, only the form worked to get your login credentials.
You can see a screenshot of the fake "blockchain" website below:
Within a number of hours (just before publishing this post) the mentioned sites where taken down!