Phishing websites targeting Microsoft Outlook

Phishing targeting Microsoft Outlook users

Security researchers at Shreshta IT, using our threat intelligence platform SDINET, have identified a phishing website targeting users of Microsoft Outlook.

About Microsoft Outlook

Outlook.com is a webmail service that is part of the Microsoft 365 product family. It offers mail, calendaring, contacts, and tasks services.1

Phishing page impersonating Outlook login – www[.]newoutlook[.]email
Phishing page mimicking the Outlook login page at www[.]newoutlook[.]email and requesting user contact information (Email, Phone or Skype ID)
Image – screenshot of phishing website www[.]newoutlook[.]email

Phishing page – Prompting user to enter Password

Image – screenshot of Enter Password

Phishing page – Error on entering invalid credentials
Phishing page – Error showing on login attempt

Image – screenshot of the Error

The phishing page is linked to a Telegram bot: login credentials entered on the page are sent to the attacker through that bot.

www[.]newoutlook[.]email sending login credentials via Telegram

About the Telegram Bot API

The Bot API allows you to easily create programs that use Telegram messages for an interface 1
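One way to detect the exfiltration path described above, added here as an example and not taken from the original article or from the phishing page: it scans egress proxy logs for Telegram Bot API send calls whose Referer is a web page outside Telegram. It assumes the page calls the Bot API from the visitor's browser and that a TLS-inspecting proxy records full URLs; the log format, hosts and bot tokens are constructed.

```python
import re
from urllib.parse import urlsplit

# Bot API calls look like https://api.telegram.org/bot<id>:<secret>/<method>
BOT_CALL = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)$")
SEND_METHODS = {"sendmessage", "senddocument", "sendphoto"}  # method names are case-insensitive

# Constructed proxy log: timestamp, client IP, HTTP method, URL, Referer ("-" if absent).
# Hosts and bot tokens below are placeholders, not indicators from the article.
SAMPLE_LOG = """\
2023-01-25T10:02:11Z 10.0.4.17 GET https://login-portal.example/ -
2023-01-25T10:02:40Z 10.0.4.17 POST https://api.telegram.org/bot0000000000:CONSTRUCTED-placeholder/sendMessage https://login-portal.example/
2023-01-25T10:05:02Z 10.0.4.30 POST https://api.telegram.org/bot0000000001:CONSTRUCTED-placeholder/sendMessage -
2023-01-25T10:05:09Z 10.0.4.30 GET https://api.telegram.org/bot0000000001:CONSTRUCTED-placeholder/getUpdates https://status.example/
2023-01-25T10:06:19Z 10.0.4.22 GET https://outlook.live.com/owa/ -
"""


def host_of(url):
    """Lower-cased hostname of a URL, or an empty string if there is none."""
    return (urlsplit(url).hostname or "").lower()


def find_bot_exfil(log_text):
    """Flag browser-originated Bot API send calls made from a non-Telegram page."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line
        ts, client, _verb, url, referer = parts
        if host_of(url) != "api.telegram.org":
            continue
        call = BOT_CALL.match(urlsplit(url).path)
        if not call or call.group(2).lower() not in SEND_METHODS:
            continue
        ref_host = host_of(referer) if referer != "-" else ""
        if not ref_host or ref_host == "telegram.org" or ref_host.endswith(".telegram.org"):
            continue  # no page context, or a Telegram-owned page
        # Record the numeric bot id only; the secret half of the token stays out of alerts.
        findings.append({"time": ts, "client": client,
                         "page": ref_host, "bot_id": call.group(1)})
    return findings


if __name__ == "__main__":
    for hit in find_bot_exfil(SAMPLE_LOG):
        print(hit)
```

A hit names the page that triggered the call and the numeric bot id, which is what a takedown or abuse report needs; requests without a Referer are skipped here because they carry no page context.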

Threat Indicators
  • Domain registrar – NameCheap, Inc
  • Domain name registration date – 22-01-2023

Motive

The attackers created this phishing website to harvest Personally Identifiable Information (PII) from Microsoft Outlook users:

  • Email address and password
  • IP Location
Phishing website – www[.]newoutlook[.]email on VirusTotal
Phishing website - www[.]newoutlook[.]email appears clean as per VirusTotal

Image – Screenshot of VirusTotal

At the time of writing, none of the threat intelligence vendors listed on VirusTotal flagged www[.]newoutlook[.]email as malicious.
