The ploy is usual and time tested. An official looking email arrives in your inbox asking for something or the other. It is either a verification or confirmation of service agreement. The mail tries to look as real as possible, but on closer scrutiny, you can say easily that something is amiss.
The official looking email
The from address is a straight give away. Also the Microsoft Admin who send the email, Kerry Williams is actually an actress.
There is just one hyperlink provided in the mail which is ‘Update Your Account’. There is another link which says ‘Privacy Statement’.
Clicking on the link takes you to another website through a URL shortner to ‘hml.yltestml.ml’. The following is displayed at the link
While the page is made as close as replica as possible to the main login page for outlook, there is no clickable link anywhere. Also the address bar reveals that it is not a secure https connection.
After filling up junk data, the page displays the following prompt.
After a few seconds, it redirects you to the outlook main page, showing that everything was official and normal.
The whois query to the address yields no result.
An official masquerade to steal your account details and who knows what else from your PC.