Microsoft phishing page detected

Posted byAnti-phishing Leave a comment on Microsoft phishing page detected

This screenshot shows a phishing page impersonating Microsoft, targeting Spanish‑speaking users. The page asks for the victim’s current email address and current password under the pretext of “confirming credentials.” It is hosted on a suspicious free hosting subdomain.

Threat Analysis: Microsoft Phishing – “Confirm Credentials” Scam

How it works:
The victim receives a phishing email, SMS, or message claiming a security alert, account suspension, or the need to verify their information. The link leads to this page, which mimics a Microsoft login interface. The victim is asked to enter their email address and current password, then click “Continuar.” The credentials are captured and sent to the attacker.

The goal:
The attacker steals Microsoft account credentials (email and password) to:

  • Access the victim’s email (Outlook, Hotmail) and other Microsoft services (OneDrive, Office 365)
  • Reset passwords for other accounts linked to that email
  • Send further phishing messages to the victim’s contacts
  • Attempt credential reuse on other platforms

Red flags to watch for:

  • Suspicious URL: The page is hosted on fffgfggggggggg000.hostfree.pw – a free hosting subdomain, not microsoft.com or outlook.com. Legitimate Microsoft login pages are only on official domains.
  • Unprofessional domain name: Random characters and “hostfree.pw” are clear indicators of a throwaway phishing site.
  • “Confirmar credenciales” pretext: Microsoft never asks users to “confirm credentials” via a link. Legitimate security alerts direct users to log in through the official website, not a separate page.
  • Minimal design: The page lacks Microsoft’s full branding, security notices, and two‑factor authentication options.
  • No personalization or security image: Genuine Microsoft login pages display a security image or account selection after entering an email.
  • Unsolicited login request: Microsoft does not send links requiring users to log in to resolve account issues.

What to do if you encounter this:

  • Do not enter your email or password.
  • If you have already entered your credentials, change your Microsoft password immediately and enable two‑factor authentication (2FA).
  • Always access Microsoft services by typing outlook.com or microsoft.com directly into your browser.
  • Report the phishing page to Microsoft (via [email protected] or the built‑in reporting tool).

Protective measures:

  • Bookmark the official Microsoft login page and use that bookmark.
  • Use a password manager – it will autofill only on legitimate microsoft.com or outlook.com domains.
  • Enable two‑factor authentication on your Microsoft account (using an authenticator app or security key).
  • Be suspicious of any unsolicited message that asks you to “confirm” your credentials via a link.

Leave a comment

Your email address will not be published. Required fields are marked *