New scam sends fake Microsoft 365 login pages

Attackers person a caller instrumentality that targets Microsoft 365 users astatine a monolithic scale. 

Security researchers accidental a phishing level called Quantum Route Redirect, oregon QRR, is down a increasing question of fake login pages hosted connected astir 1,000 domains. These pages look existent capable to fool galore users portion besides slipping past immoderate automated scanners.

QRR runs realistic email lures that mimic DocuSign requests, outgo notices, voicemail alerts oregon QR-code prompts. Each connection routes victims to a fake Microsoft 365 login leafage built to harvest usernames and passwords. The kit often lives connected parked oregon compromised morganatic domains that adhd a mendacious consciousness of information for anyone who clicks.

Researchers tracked QRR successful 90 countries. About 76% of attacks deed US users. That standard makes QRR 1 of the largest phishing operations progressive close now.

WINDOWS 10 USERS FACE RANSOMWARE NIGHTMARE AS MICROSOFT SUPPORT ENDS IN 2025 WORLDWIDE

Sign up for my FREE CyberGuy Report 
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide — escaped erstwhile you articulation my CYBERGUY.COM newsletter.

Attackers usage fake Microsoft information alerts to instrumentality radical into entering their Microsoft 365 passwords. (Chona Kasinger/Bloomberg via Getty Images)

A accelerated travel to different large Microsoft credential attacks

QRR appeared soon aft Microsoft disrupted a large phishing web known arsenic RaccoonO365. That work sold ready-made Microsoft login copies utilized to bargain much than 5,000 sets of credentials, including accounts tied to implicit 20 US healthcare organizations. Subscribers paid arsenic small arsenic $12 a time to nonstop thousands of phishing emails.

Microsoft's Digital Crimes Unit aboriginal unopen down 338 related websites and identified Joshua Ogundipe from Nigeria arsenic the operator. Investigators tied him to the phishing codification and a crypto wallet that earned much than $100,000. Microsoft and Health-ISAC person since filed a suit successful New York that accuses him of aggregate cybercrime violations.

Other caller examples see kits similar VoidProxy, Darcula, Morphing Meerkat and Tycoon2FA. QRR builds connected these tools with automation, bot filtering and a dashboard that helps attackers tally ample campaigns fast.

What makes QRR truthful effective

QRR uses astir 1,000 domains. Many are existent sites that were parked oregon compromised, which helps the pages walk arsenic legitimate. The URLs besides travel a predictable signifier that tin look mean to users astatine a glance.

The kit includes automated filtering that detects bots. It sends scanners to harmless pages and sends existent radical to the credential-harvesting site. Attackers tin negociate campaigns wrong a power sheet that logs postulation and activity. These features fto them standard up rapidly without method skill.

Security analysts accidental organizations tin nary longer beryllium connected URL scanning alone. Layered defenses and behavioral investigation person go indispensable for spotting threats that usage domain rotation and automated evasion.

Microsoft was contacted by CyberGuy for remark but did not person thing to adhd astatine this time.

HACKERS FIND A WAY AROUND BUILT-IN WINDOWS PROTECTIONS

Why this matters for Microsoft 365 users

When attackers get your Microsoft 365 login, they tin spot your email, drawback files and adjacent nonstop caller phishing messages that look similar they came from you. That tin make a concatenation absorption that spreads fast. This is wherefore the steps beneath each enactment unneurotic to artifact these threats earlier they crook into thing bigger.

Steps to enactment harmless from QRR and different Microsoft 365 phishing attacks

Use these elemental actions to shrink the hazard from fake Microsoft 365 pages and look-alike emails.

1) Check the sender earlier you click

Take a 2nd to look astatine who the email is truly from. A flimsy misspelling, an unexpected attachment oregon wording that feels disconnected is simply a large hint the connection whitethorn beryllium fake. 

2) Hover implicit links first

Before you unfastened immoderate link, hover your rodent implicit it to preview the URL. If it does not pb to the authoritative Microsoft login leafage oregon looks unusual successful immoderate way, skip it.

3) Turn connected multifactor authentication (MFA)

MFA adds an other furniture adds an other furniture that makes it overmuch harder for attackers to interruption successful adjacent if they person your password. Use options similar app-based codes oregon hardware keys truthful phishing kits cannot bypass them.

4) Use a information removal service

Attackers often stitchery idiosyncratic details from information broker sites to trade convincing phishing emails. A trusted information removal work scrubs your accusation from these sites, which cuts down connected targeted scams and makes it harder for criminals to tailor fake Microsoft alerts that look real.

While nary work tin warrant the implicit removal of your information from the internet, a information removal work is truly a astute choice. They aren't cheap, and neither is your privacy. These services bash each the enactment for you by actively monitoring and systematically erasing your idiosyncratic accusation from hundreds of websites. It's what gives maine bid of caput and has proven to beryllium the astir effectual mode to erase your idiosyncratic information from the internet. By limiting the accusation available, you trim the hazard of scammers cross-referencing information from breaches with accusation they mightiness find connected the acheronian web, making it harder for them to people you.

QRR hides its phishing pages crossed astir 1,000 domains, making the fake login screens look convincing astatine archetypal glance. (Microsoft)

Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com.

Get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web: Cyberguy.com.

5) Update your browser and apps

Keep everything connected your instrumentality up to date. Updates seal disconnected information holes that attackers often trust connected erstwhile gathering phishing kits similar QRR.

6) Never click chartless links and usage beardown antivirus software

If you request to sojourn a delicate site, benignant the code into your browser alternatively of tapping a link. Strong antivirus tools besides assistance by informing you astir fake websites and blocking scripts that phishing kits usage to bargain login details.

The champion mode to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person beardown antivirus bundle installed connected each your devices. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe.

Get my picks for the champion 2025 antivirus extortion winners for your Windows, Mac, Android and iOS devices astatine Cyberguy.com.

MICROSOFT SOUNDS ALARM AS HACKERS TURN TEAMS PLATFORM INTO 'REAL-WORLD DANGERS' FOR USERS

7) Use precocious spam filtering

Most email providers connection stronger filtering settings that artifact risky messages earlier they scope you. Turn connected the highest level your relationship allows to support much fake Microsoft alerts retired of your inbox.

8) Watch for login alerts

Turn connected Microsoft relationship sign-in notifications truthful you get an alert anytime idiosyncratic tries to entree your account. To bash this, motion successful to your Microsoft relationship online, unfastened Security, take Advanced information options and power connected Sign-in alerts for immoderate suspicious activity.

Strong sign-in alerts and phishing-resistant MFA assistance artifact these scams earlier criminals tin instrumentality implicit your account.  (Drew Angerer/Getty Images)

Kurt's cardinal takeaways

QRR is simply a reminder of however rapidly scammers alteration their tactics. Tools similar this marque it casual for criminals to nonstop immense waves of fake Microsoft emails that look existent astatine archetypal glance. The bully quality is that a fewer astute habits tin enactment you a measurement ahead. When you adhd stronger sign-in protection, crook connected alerts and enactment alert of the newest tricks, you marque it overmuch harder for attackers to sneak in.

Do you deliberation astir radical tin archer the quality betwixt a existent Microsoft login leafage and a fake one, oregon person phishing kits go excessively convincing? Let america cognize by penning to america astatine Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide — escaped erstwhile you articulation my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.