Security researchers at Shreshta IT, using our threat intelligence platform SDINET, have identified a phishing website targeting users of Microsoft Outlook.
About Microsoft Outlook
Outlook.com is a webmail service that is part of the Microsoft 365 product family. It offers mail, calendaring, contacts, and tasks services. [1]
Phishing page impersonating Outlook login – www[.]newoutlook[.]email
![Phishing page mimicking Outlook login page at www[.]newoutlook[.]email and requesting user contact information (Email, Phone or Skype ID)](https://shreshtait.com/blog/wp-content/uploads/2023/01/signin-ss.png)

Image – screenshot of Enter Password
Phishing page – Error on entering invalid credentials

Image – screenshot of the Error
The phishing page is linked to a Telegram bot: login credentials entered on the page are sent to the attacker through that bot.
www[.]newoutlook[.]email sending login credentials via Telegram
About the Telegram Bot API
The Bot API allows you to easily create programs that use Telegram messages for an interface. [1]
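A detection sketch for the exfiltration path described above, added here as an example and not taken from the original analysis. It assumes the phishing page calls the Bot API from the victim's browser and that a TLS-inspecting proxy logs the full URL and Referer; the log format, hosts, IPs and tokens are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Bot API calls have the form https://api.telegram.org/bot<token>/<method>;
# the token is "<numeric bot id>:<secret>".
BOT_CALL = re.compile(r"^/bot(?P<bot_id>\d+):[A-Za-z0-9_-]+/(?P<method>\w+)$")
# Assumption: Referer hosts allowed to reach the Bot API ("" = no Referer sent).
ALLOWED_REFERERS = {"", "telegram.org", "web.telegram.org"}

def find_telegram_exfil(log_lines):
    """Return Bot API calls that were triggered by pages on other sites.

    Hypothetical log format: 'timestamp client method url referer',
    with '-' standing for an empty Referer.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, _http_method, url, referer = parts
        target = urlsplit(url)
        if (target.hostname or "").lower() != "api.telegram.org":
            continue
        call = BOT_CALL.match(target.path)
        if not call:
            continue
        ref_host = "" if referer == "-" else (urlsplit(referer).hostname or "").lower()
        if ref_host in ALLOWED_REFERERS:
            continue
        # Keep only the numeric bot id; the secret part of the token is dropped.
        hits.append({"time": ts, "client": client, "referer_host": ref_host,
                     "bot_id": call["bot_id"], "api_method": call["method"]})
    return hits

# Constructed sample log lines (placeholder hosts, IPs and tokens).
SAMPLE_LOG = [
    "2023-01-25T10:02:11Z 10.0.0.15 GET https://login.example.test/ -",
    "2023-01-25T10:02:40Z 10.0.0.15 POST https://api.telegram.org/bot123456789:AAExampleTokenPlaceholder_0000000000/sendMessage https://phish.example.test/login",
    "2023-01-25T10:05:02Z 10.0.0.22 POST https://api.telegram.org/bot987654321:AAAnotherPlaceholderToken_1111111111/getUpdates -",
    "2023-01-25T10:06:30Z 10.0.0.31 GET https://api.telegram.org/ https://phish.example.test/login",
]

if __name__ == "__main__":
    for hit in find_telegram_exfil(SAMPLE_LOG):
        print(hit)
```

Pages that set a no-referrer policy send no Referer and pass this filter, so treat it as one signal alongside domain-age and reputation checks.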
Threat Indicators
- Domain registrar – NameCheap, Inc
- Domain name registration date – 22-01-2023
Motive
The attackers' motive for creating the phishing website targeting Microsoft Outlook users is to harvest the users' Personally Identifiable Information (PII):
- Email address and password
- IP Location
Phishing website – www[.]newoutlook[.]email on VirusTotal
![Phishing website - www[.]newoutlook[.]email appears clean as per VirusTotal](https://shreshtait.com/blog/wp-content/uploads/2023/01/VirusTotal-Scan-2.png)
Image – Screenshot of VirusTotal
At the time of writing, none of the threat intelligence vendors listed on VirusTotal flagged www[.]newoutlook[.]email as malicious.