Clever Microsoft Phishing Scam Creates a Local Login Form
Credit:
Bleeping Computer
A clever phishing campaign has been spotted that bundles the scam's landing page in the HTML attachment rather than redirecting users to another site that asks them to log in.
A typical credential-stealing phishing scam consists of an email where the attacker tries to convince the user to click a link in order to retrieve a document or prevent something from happening. These links will then bring the user to a web site, or landing page, that includes a login form where the user must enter their login credentials to proceed.
With this type of attack, users can either detect the scam by the contents of the email, by a suspicious remote site and landing page, or by alerts from security solutions.