Scam of the day – May 10, 2021 – Dangerous Microsoft Phishing Email.

by | May 9, 2021 | Scam of the day

I have heard from a number of Scamicide readers about today’s Scam of the day, which is also one that I have plucked from my own email as well.  It has several variations, but it generally involves an email that appears to come from Microsoft in which the targeted victim is told, as in the emails copied below that he or she must update their account in order to keep it active or that Microsoft has changed the terms of their service agreement and provides links to get more information.   In regard to the first email related to your email, it is absolutely a scam.  In regard to the second, it may be legitimate.  Microsoft is indeed changing the terms of its service agreement on June 15th.  However the prudent action to take is not to click on the links in the email for further information, but go directly to Microsoft at this link for more information. https://www.microsoft.com/en-us/servicesagreement/upcoming.aspx

As for the email that deals with your email, if you click on the links in the email to update your account, you end up either directly downloading malware or being taken to a legitimate appearing site that asks for personal information that will be used to make you a victim of identity theft.  The best scams have a kernel of truth and the kernel of truth in this scam is that Microsoft is indeed updating its terms of service effective Microsoft service agreement

Here are the two emails.  The links in both emails have been deleted.

From: Email Inc <lkaemper@msn.com>
Sent: Wednesday, May 5, 2021 10:25 AM
To: msa@communication.microsoft.com <msa@communication.microsoft.com>; account-security-noreply@accountprotection.microsoft.com <account-security-noreply@accountprotection.microsoft.com>
Subject: Update to our Terms

Microsoft Account Info
 
“Starting on May 6th, 2021, customers that are yet to update their account will no longer be able to log in via their email addresses due to recent new year upgrades.

Please follow the link below to update your account: 
NEW VERSION

Thank You. Please do not reply to this message. Mail sent to this address cannot be answered.
Hello,

You’re receiving this email because we are updating the Microsoft Services Agreement, which applies to one or more Microsoft products or services you use. We’re making these updates to clarify our terms and ensure that they remain transparent for you, as well as to cover new Microsoft products, services and features.
The Microsoft Services Agreement is an agreement between you and Microsoft (or one of its affiliates) that governs your use of Microsoft consumer online products and services.
You can read the entire Microsoft Services Agreement here. You can also learn more about these updates on our FAQ page here, including a summary of the most notable changes. The updates to the Microsoft Services Agreement will take effect on Ju‍ne 15, 20‍21. If you continue to use our products and services on or after Ju‍ne 15, 20‍21, you are agreeing to the updated Microsoft Services Agreement.
If you do not agree, you can choose to discontinue using the products and services, and close your Microsoft account before these terms become effective. If you are a parent or guardian, you are responsible for your child’s or teenager’s use of Microsoft products and services, including purchases.

Thank you for using Microsoft products and services.
TIPS
In regard to the first email dealing with your email account, the email address of the sender, while appearing to come from someone at Microsoft is phony.  According to Microsoft, emails to you pertaining to your account will always end with @accountprotection.microsoft.com and while in the phony email above, this email address appears in the address line for the receiver of the email, this is done to confuse the targeted victim because the address to be proper would be that of the sender and not the email address of lkaemper@msn.com which is shown as the address of the sender.  In addition, the deleted link under the words “NEW VERSION” would not have taken you to a Microsoft account which you could determine by hovering your mouse over the link which is a good indication that this is a scam.
As for the second email, it is important to remember that you don’t have to do anything to continue to use your Microsoft programs.  As it indicates in the email, merely by continuing to use your Microsoft products you agree to the terms of the new service agreement and while this email appears to be legitimate, you rally can’t take the chance by clicking on the links contained in the email to read the entire terms of the new Microsoft Agreement or to read their FAQs.  The risk of this being a sophisticated phishing email is too great.  Rather than click on the links in the email, the far better course of action if you wish to learn more about changes in the service agreement is to go directly to the Microsoft website at a domain name that you know is legitimate.  As I indicated above, the link that you can trust is https://www.microsoft.com/en-us/servicesagreement/upcoming.aspx
Trust me, you can’t trust anyone.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/