Security researchers at Shreshta IT, using our threat intelligence platform SDINET, have identified a phishing website targeting users of Microsoft Outlook.
About Microsoft Outlook
Outlook.com is a webmail service that is part of the Microsoft 365 product family. It offers mail, calendaring, contacts, and tasks services.1
Phishing page impersonating Outlook login – www[.]newoutlook[.]email
Phishing page – Error on entering invalid credentials
The phishing page is linked to a Telegram bot such that the login credentials entered are sent to the attacker via the Telegram bot.
www[.]newoutlook[.]email sending login credentials via Telegram
About the Telegram Bot API
The Bot API allows you to easily create programs that use Telegram messages for an interface 1
Threat Indicators
- Domain registrar – NameCheap, Inc
- Domain name registration date – 22-01-2023
Motive
The motive of the attackers for creating the phishing website targeting the users of Microsoft Outlook is to harvest the Personally Identifiable Information (PII) of the user:
- Email address and password
- IP Location
Phishing website – www[.]newoutlook[.]email on VirusTotal
At the time of writing, none of the threat intelligence vendors listed on VirusTotal flagged www[.]newoutlook[.]email as malicious.