Hackers Exploit New Method to Steal Microsoft Login Credentials

Microsoft users should stay vigilant: cybercriminals have developed a new phishing technique to capture login credentials.

According to a report by Bleeping Computer, the attack begins with what appears to be a legitimate link to outlook.office.com, often presented as a sponsored result in Google searches. In some cases, users searching for common typos, such as “Office 265” instead of “Office 365,” are redirected through official Microsoft domains before landing on a malicious phishing page. Because the chain passes through real Microsoft domains, the link seems trustworthy, while the final page collects the login information the user enters.

Researchers at Push Security highlighted that attackers exploit this chain to trick users into providing their Microsoft credentials, demonstrating how phishing continues to evolve and bypass typical security expectations.

Even with strong personal security measures, users remain vulnerable. Recent attacks, like the ransomware bypass targeting Microsoft Defender, show that cybercriminals can find ways around even well-protected systems. Moreover, data breaches at major companies, such as the recent hack of Allianz Life affecting over 1 million users, emphasize that sensitive information can be exposed even when users follow best practices.

Tips to Stay Safe:

  • Double-check URLs, especially sponsored links in search results, before clicking.
  • Use multi-factor authentication (MFA) for Microsoft accounts.
  • Avoid searching for software services through misspelled keywords that could lead to malicious redirects.
  • Stay informed about the latest phishing and malware tactics targeting Microsoft products.
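
Since the redirect chain described above starts on a real Microsoft domain, checking only the first URL is not enough; the host that finally asks for the password is what matters. The following is an added example, not code from the article or from Push Security: it classifies a recorded redirect chain by where it lands. The trusted-suffix list, the verdict names and the sample chains are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: suffixes treated as Microsoft-operated for this example only.
# outlook.office.com comes from the article; the rest is an illustrative allowlist.
TRUSTED_SUFFIXES = ("office.com", "microsoft.com", "microsoftonline.com", "live.com")


def host_of(url):
    """Return the lower-cased hostname, ignoring any userinfo before '@'."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_trusted(host):
    """Match a trusted suffix at the right-hand end of the hostname only."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def assess_chain(chain):
    """Classify a redirect chain (ordered URLs, first click to final page)."""
    if not chain:
        raise ValueError("empty redirect chain")
    hosts = [host_of(u) for u in chain]
    # Index of the first hop that leaves the trusted set, if any.
    left_at = next((i for i, h in enumerate(hosts) if not is_trusted(h)), None)
    if is_trusted(hosts[-1]):
        verdict = "landing-trusted"
    elif is_trusted(hosts[0]):
        # The pattern the article describes: real first hop, foreign sign-in page.
        verdict = "trusted-start-untrusted-landing"
    else:
        verdict = "untrusted"
    return {"verdict": verdict, "landing_host": hosts[-1], "left_trusted_at": left_at}


# Constructed sample chains (hostnames under .example are placeholders).
SAMPLES = {
    "normal": ["https://outlook.office.com/", "https://login.microsoftonline.com/"],
    "redirected": ["https://outlook.office.com/", "https://www.office.com/",
                   "https://signin.portal.example/login"],
    "lookalike": ["https://outlook.office.com.signin.example/owa"],
    "userinfo": ["https://outlook.office.com@portal.example/"],
}

if __name__ == "__main__":
    for name, chain in SAMPLES.items():
        print(name, assess_chain(chain))
```

The lookalike and userinfo samples show why the check compares the end of the parsed hostname instead of searching the URL string for "office.com".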

By remaining cautious and adopting layered security measures, users can reduce the risk of falling victim to these sophisticated login theft schemes.

Source: https://mashable.com/article/micrsoft-logins-stolen-hackers