Analysis Memo: This spoofed page was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our daily link moderation procedures. To protect the public, the phishing source domain has been completely disabled within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

This screenshot shows a Spanish‑language phishing page impersonating Microsoft, asking for an unusual combination of credentials: email/phone/Skype, password, and a 4‑digit PIN.
Threat Analysis: Microsoft Phishing – Credential & PIN Harvesting
The page mimics Microsoft’s login interface but adds a 4‑digit PIN field, which is not part of a standard Microsoft login flow. This extra field may be intended to capture a SIM PIN, banking PIN, or a secondary security code that the victim uses elsewhere.
How it works:
The victim receives a phishing email or message claiming a security alert or account issue. The link leads to this page. After entering the email, password, and a 4‑digit PIN, the data is sent to the attacker.
The goal:
- Steal Microsoft account credentials (email and password) to access email and linked services
- Capture a 4‑digit PIN that the victim may reuse for banking, phone, or other sensitive accounts
Red flags:
- Suspicious URL: The page is hosted on a domain that is not microsoft.com or outlook.com.
- Extra PIN field: A legitimate Microsoft login does not ask for a 4‑digit PIN at this stage.
- No security image or personalization: Real Microsoft login pages show security phrases or alternate verification methods.
- Unsolicited login request: Microsoft does not send links requiring users to log in to resolve issues.
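The first two red flags can be checked mechanically when triaging a reported link. The sketch below is an added example, not tooling from the original analysis: the allowlist holds only the two domains named on this page, and the sample URL, form markup, field names and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Only the two domains this page names; a production allowlist would be longer.
OFFICIAL = ("microsoft.com", "outlook.com")

def is_official_host(url):
    """True only if the host is an official domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

class InputCollector(HTMLParser):
    """Collects the attributes of every <input> element."""
    def __init__(self):
        super().__init__()
        self.inputs = []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append({k: (v or "") for k, v in attrs})

def pin_like(field):
    """Heuristic: a 4-character field, or one whose name has the token 'pin'."""
    name = field.get("name", "").lower()
    return field.get("maxlength") == "4" or bool(re.search(r"(^|[_-])pin($|[_-])", name))

def has_password_and_pin(html):
    """True if a form asks for a password and, separately, a PIN-like value."""
    parser = InputCollector()
    parser.feed(html)
    has_pw = any(f.get("type", "").lower() == "password" and not pin_like(f)
                 for f in parser.inputs)
    return has_pw and any(pin_like(f) for f in parser.inputs)

def triage(url, html):
    """Return the red flags from this page that the URL and markup trigger."""
    flags = []
    if not is_official_host(url):
        flags.append("host-not-official")
    if has_password_and_pin(html):
        flags.append("password-plus-pin")
    return flags

# Constructed sample: lookalike host and a form with the extra PIN field.
SAMPLE_URL = "https://account.microsoft.com.verify-login.example/es/"
SAMPLE_HTML = ('<form method="post"><input type="text" name="loginfmt">'
               '<input type="password" name="passwd">'
               '<input type="password" name="pin" maxlength="4"></form>')
if __name__ == "__main__":
    print(triage(SAMPLE_URL, SAMPLE_HTML))
```

The host check compares the parsed hostname rather than searching the URL string, so a lookalike that merely contains "microsoft.com" as a prefix label or in the userinfo part does not pass.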
What to do:
- Do not enter any credentials or PIN.
- If you have already submitted information, change your Microsoft password immediately and enable two‑factor authentication. If you used the same PIN elsewhere (e.g., bank card), contact the relevant institutions.
- Always access Microsoft services by typing microsoft.com or outlook.com directly.
Protective measures:
- Bookmark the official Microsoft login page and use it exclusively.
- Use a password manager – it will not autofill on fake domains.
- Never reuse PINs across different services.
- Enable two‑factor authentication on your Microsoft account.
