What are These Phishing Emails?
The phishing emails lands you to web pages that look like a legit Microsoft sign-in prompt. However, these are a phishing site, and many users accidentally enter their login credentials, which are then collected by the hackers. These pages are designed in a careful manner to imitate real-life legit Microsoft websites. But these phishing web pages are non-existent links. But they do not display the typical ‘404 not found’, error message. Security researchers believe that this method opens up lots of ways for hackers to exploits and they can create a lot of random phishing URLs with randomizing domains.
What are Custom 404 Pages?
Hackers can design a custom 404 pages in various ways. However, according to Bleeping Computer, these Microsoft phishing pages are designed using Firebase. This phishing campaign can also be used to exploit Microsoft Azure Storage as well. The sad news is it is very hard for Microsoft to soft these custom phishing pages. Hence, it is the responsibility of users to beware of such attacks. You need to make sure that you carefully view each email you receive. We suggest that you verify the site twice before entering your login credentials. One of these ways is by checking if the email is sent by an authentic Microsoft account and there is security on the website.