A woman is warning people about what she claims is a new phishing attack involving Microsoft. However, it may just be a variation on a theme, and Microsoft isn’t really to blame.
The warning comes from creator Jill (@gracefullgrit), which received more than 3.3 million views on a video posted Tuesday. In it, she warns people who use Microsoft or Gmail (in other words, many) about a “scam.” She says it will “completely wipe your phone down.”
She explains that it’s an email with a link to click, purporting to help you, when it’s actually a door you’re opening to hackers.
“If you receive an email saying that they have detected an unusual login from a different location, do not click on the link in the email,” she warns. “The email will say that it has detected unusual sign-in activity from your Gmail account. It will give you a date, it will give you a location, it will give you an IP address. Then it will give you a link to go to your security settings.”
Then, she says, “It’s going to ask you to review your recent activity to let them know whether or not this was you. This link will allow the hackers to wipe your phone, get all of your personal information, and make your life miserable.”
She then advises, “You do not have to do this. You can actually log in through your Gmail and check in your security settings, where your log-in attempts have been made.”
Clicking the details link in the bottom right corner of your Gmail display, per a Google help page we tested out, will give you some sense of Gmail account activity including log-ins.
“Do not click the link,” she warns one more time to close out the video. “Do not make this mistake.”
@gracefullgrit ⚠️ If you receive an email from Microsoft, DO NOT click the link! ⚠️ #scam #dontfallforit #emailscam #microsoft #hackers #fyp #foryoupage❤️❤️ ♬ original sound – ✨Jill ✨
Why do hackers pick Microsoft?
According to TechRepublic, “Check Point’s Harmony Email & Collaboration team detected over 5,000 emails disguised as Microsoft product notifications, which could lead to email extortion, the cybersecurity company said on Oct. 2. The emails stand out for their polished appearance and the inclusion of legitimate links.”
The article stated that Check Point did a survey last year, finding “Microsoft was the most-spoofed brand in phishing scams. The other companies featured most often in spoofing campaigns were Google, Apple, Wells Fargo, and Amazon.”
All of those companies have many customers or users. They also have easily identifiable logos that could lead people to believe the phishing emails are real.
The Federal Trade Commission notes, “While real companies might communicate with you by email, legitimate companies won’t email or text with a link to update your payment information. Phishing emails can often have real consequences for people who give scammers their information, including identity theft. And they might harm the reputation of the companies they’re spoofing.”
Viewers weigh in
Some people who responded to Jill’s warning are somewhat immune to email.
“Well that email will have to join my 20,000 emails I don’t look at,” one quipped.
Another noted, “The only emails I check is the ones that say ‘ur package is on the way’ or something.”
Someone else noted, “If i get an email like this. I delete it and go login to the security settings myself. My Microsoft acc have failed attempts for login from all around the world. Gmail is fine.”
Another revealed, “I get login attempts like every hour on my microsoft acc. few times they actually guessed the password but can’t guess the email for 2 factor.”
One commenter gave a tip on what to look for: “Always check the email address of a sender before you click on a link. Look for very small differences of inaccuracy.”
Jill, responding to the Daily Dot’s request for comment, regarded her video as a public service.
“I’m always grateful when my videos reach those that need them,” she remarked. “So many have forwarded to their parents or the elderly, who tend to fall for these scams more often than not.”
Internet culture is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here. You’ll get the best (and worst) of the internet straight into your inbox.