What is the “Outlook – Someone Logged Into Your Mail Account” email

“Outlook – Someone Logged Into Your Mail Account” email is part of a phishing campaign that tries to phish users’ Outlook email account credentials. It’s a classic phishing email that claims an unauthorized person has logged into users’ email accounts and asks that users secure their accounts. When users are led to a phishing site, if they type their email login credentials, their email accounts will be hijacked.

 

 

This  “Outlook – Someone Logged Into Your Mail Account” email claims that someone has logged into users’ Outlook accounts using Google Chrome. The email is made to look like a notification that email providers send when a login is made from an unrecognized device. Usually, these emails allow users to secure their accounts by revoking access to the unauthorized login. Users are also then recommended to change their passwords. This phishing email is a very poor imitation of such an email. It’s written too casually and contains mistakes.

If users fall for this phishing attempt and click the “Report the user” button, they will be taken to a fake login page and asked to log in using their email credentials. If users type in their credentials, they will immediately be transferred to the cybercriminals operating this phishing campaign. Email account credentials are a very hot commodity because they are connected to many other accounts. Unauthorized access to an email account could lead to all connected accounts being hijacked. If the phishing campaign operators do not use the stolen credentials themselves, they will sell them to other cybercriminals.

Here is the full  “Outlook – Someone Logged Into Your Mail Account” email text:

Subject: Mailbox Alert: Someone logged in To Your Mail Account

Hello -,

Someone logged into your mail account on 5/17/2024 10:55:43 a.m. using Google Chrome. we just wanted to make sure it was you! If you don’t think this was you. please report this so we can keep your account safe.

Report the user

Yes, me

Thanks

The Outlook Team

Users whose email account credentials have been phished need to change their passwords immediately if they can still access their accounts. If the accounts are inaccessible, users should contact their email providers to see if it’s possible to get their accounts back.

How to recognize phishing emails

Becoming familiar with the most common signs of a phishing email is highly recommended because it can help avoid many phishing attempts. There are certain things users need to check when dealing with an unexpected email that asks to perform a certain action. The first thing that should be checked is the sender’s email address. This is relatively easy to do because legitimate email addresses can usually be found on companies’ official websites. Low-effort phishing emails are sent from very obviously fake email addresses so they’re especially easy to recognize. More sophisticated emails will be sent from legitimate-looking email addresses but it’s usually not difficult to determine whether it’s legitimate or not using a search engine. If there are no records of the email address used by the company the sender claims to be from, it’s likely a phishing/malicious email.

Grammar and spelling mistakes are another sign that an email may not be what it seems. Unless a phishing email is sophisticated, it will usually have at least a couple of mistakes, whether it’s a missing comma, double spaces, missing letters, etc. Legitimate emails will never have mistakes, especially emails that notify about unauthorized account access. More sophisticated emails will be well-written but it’s still possible for them to have mistakes. This particular “Outlook – Someone Logged Into Your Mail Account” email is written very casually, using language that’s not normally used by email providers like Outlook. There are also mistakes like the word “please” written in lowercase despite being the first word in the sentence.

No matter how sophisticated a phishing email may be, the URL of the site it links to will always give it away. This particular “Outlook – Someone Logged Into Your Mail Account” email has a “Report the user” button, which if clicked would redirect to a fake login page. The site asks that users log in using their email credentials. The site may be done well but the URL will be an immediate giveaway. Phishing sites can make copies of legitimate sites but the URL will always be different. It’s highly recommended that users always check the URL before logging in anywhere. If the URL looks suspicious in any way, users should not try to log in.

To avoid typing login credentials into phishing sites, it’s strongly recommended to never click on links in emails. Instead, users should access accounts manually if an email says that there’s an issue.