Here’s a look at a very clever phishing scam designed to fool you into giving scammers your log-in and password. A phishing scam (pronounced just like fishing) is when crooks pretend to be something they are not to trick you into clicking on a link or sharing your account information.

This particular attack is targeted at users with a Microsoft account, but the same technique could be used to trick you into revealing the password to your bank account, Google Account, Apple Account, and more.  Here’s how it works.

We’ve all seen an error 404 page, it’s the page that turns up when something’s isn’t there on the Internet or you’ve mistyped an address.

error-404

The look of the error 404 page can vary depending on who designed the website. Well, some very clever crooks have taken to putting up images that look just like the log-in for your Microsoft account instead of the error message.

fake-microsoft.jpg

Crooks only need to be one letter off from a legitimate web address to redirect you, so these attacks can often be hard to spot.

How do you avoid them? Be incredibly cautious about clicking on links in emails or messages.  It’s often better to just find the site yourself. If you see a request for your password information, log off wherever you are. Go to your account setting on your device or open up a new window in your browser and head directly to the site for your account. You’ll be able to see there if you need to log in.  As always, be vigilant.