![\"Imitation](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2021\/06\/15081304\/phishing-on-picture-letter.jpg\")
<\/a><\/p>\nAs always, we should consider whether each element of the message is appropriate, normal, and plausible. One aspect that leaps out is the format. There is no legal reason for this (or just about any) letter to be a picture. In particular, automatically generated letters such as account verifications use text. Checking whether the letter is a picture or text is simple: Hover over a hyperlink or button and see if the mouse cursor changes \u2014 with normal text, it will. In this case, however, clicking anywhere on the picture will open the hyperlink because the target URL is attached to the picture, so basically the whole picture is one button\/hyperlink.<\/p>\n
If any doubt remains, try highlighting a portion of the text or resizing your mail client window. If it\u2019s a picture, you won\u2019t be able to highlight any words in it, and resizing the window won\u2019t cause the lines of text to rewrap or change in length.<\/p>\n
The general style of the letter hardly adds credibility \u2014 the varying fonts and line spacing, improper use of punctuation, and awkward language are all signs of a scam. Of course, people make mistakes, but Microsoft\u2019s templates don\u2019t tend to have any. If you see this many blatant errors in any letter, it is most likely phishing.<\/p>\n
One last thing: The claim that the account must be verified within 48 hours should also ring an alarm bell. Scammers often try to rush users into taking careless actions.<\/p>\n
Phishing site<\/h2>\n
Moving past the letter, the site to which it refers looks even less convincing. A legal site belonging to Microsoft would be hosted on a Microsoft domain, but the \u201cCreate your website with WordPress.com\u201d banner clearly communicates that the site was built on the free hosting platform WordPress.<\/p>\n
On the whole, a website of this design looks like a real one \u2014 maybe 25 years ago. Here\u2019s the modern Microsoft services sign-in page, for comparison: https:\/\/login.microsoftonline.com\/<\/a>.<\/p>\n A reliable protective solution detects phishing letters based on several factors, not text analysis alone. We therefore recommend using modern mail protection mechanisms such as those in Kaspersky Security for Microsoft Office 365<\/a>.<\/p>\n Every employee workstation and connected device needs additional security<\/a> as well, to serve as an extra barrier against phishing and other tricks.<\/p>\n<\/a><\/p>\nHow to stay safe<\/h2>\n