Microsoft phishing page in Spanish detected

Posted byAnti-phishing Leave a comment on Microsoft phishing page in Spanish detected

Analysis Memo: This spoofed page was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our daily link moderation procedures. To protect the public, the phishing source domain has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Actual screenshot of "Microsoft phishing page in Spanish detected" phishing interface captured during link moderation on our platform.
Figure 1: Verified screenshot of the ongoing fraudulent campaign captured during routine moderation.

This screenshot shows a Spanish‑language phishing page designed to steal email credentials (correo electrónico and contraseña). The page is minimal and generic, making it adaptable to impersonate various services (Microsoft, Google, a bank, or an email provider).

Threat Analysis: Generic “Inicio de seguridad” Phishing – Credential Harvesting

How it works:
The victim receives a phishing email, SMS, or message claiming a security alert, account suspension, or the need to verify their information. The link leads to this page, which asks for:

  • Email address
  • Password

The “Siguiente” (Next) button suggests a multi‑step flow, where the victim would be taken to another fake page (e.g., for two‑factor authentication or additional personal data).

The goal:
The attacker steals the victim’s email credentials to:

  • Access the email account (search for sensitive information, reset passwords for other services)
  • Send further phishing messages to the victim’s contacts
  • Use the credentials to compromise other accounts where the same password is reused

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain like sc-445678-sss.c1.biz, which is not an official domain for any legitimate service (e.g., google.com, microsoft.com, outlook.com).
  • Generic design: The page has no logo, no company branding, and no personalized elements – a strong indicator of a broad phishing campaign.
  • “Inicio de seguridad” pretext: This vague “security start” phrase is meant to create a false sense of urgency but lacks the professionalism of a real security alert.
  • Unsolicited login request: No legitimate service sends links requiring users to log in to resolve “security” issues.

What to do if you encounter this:

  • Do not enter your email or password.
  • If you have already entered credentials, change your password immediately for that email account and for any other accounts using the same password. Enable two‑factor authentication (2FA) on your email account.
  • Always access your email or online services by typing the official URL directly into your browser.

Protective measures:

  • Never click links in unsolicited messages claiming security issues.
  • Use a password manager – it will not autofill on fake domains.
  • Enable two‑factor authentication on your email and other critical accounts.
  • Check the URL carefully: Look for misspellings, extra words, or unusual top‑level domains.

Leave a comment

Your email address will not be published. Required fields are marked *