Below my commentary is one of the best looking fake emails I have ever received. The grammar is correct, the spelling is correct, the logos are correct, and the premise is reasonable. My personal email account is with AT&T and Yahoo does handle their email. At a quick glance, there is very little to indicate it’s a bad email. There are clues however.
The sender is a PacBell email address, not AT&T or Yahoo.
“Powered by Microsoft”? Huh? It’s a head scratcher until you look further.
If you hover over any of the links, you’ll see they go to:
No way this should be to a OneDrive location. I strongly recommend you ALWAYS hover over a link before clicking it.
Since this email is being used to illustrate the need to be cautious, I set up a protected mode in a virtual system and went to the link. Doing so gives you:
Why, look… it’s an Excel form on a OneDrive site, which answers the “Powered by Microsoft” question. This site wants you to enter your login credentials so it can store them in a database. I especially like the warning. Someone is actually telling you not to do the very thing they are attempting to trick you into doing.
We find the only instance of bad formatting in the ploy. “P A SS W O R D” instead of “P A S S W O R D”.
Lastly, when have you ever seen “PRIVATE CREDENTIALS” as part of a login? It’s odd, and odd should raise a flag.
As always, the primary takeaway is be diligent and pay attention. Unfortunately, turning off our brains and trusting implicitly is just not an option if you want to stay safe.