New sign-in from Chrome on Windows

Ticket Number: 82038396DQ
July 26, 2018
Online course survey
August 22, 2018
Return to the Phish Tank
Date Sent: Tuesday, August 21, 2018 at 11:40 AM
Subject: New sign-in from Chrome on Windows
Sender: "Johnson, Hannah M" hjohnson@necc.mass.edu

Keyhole image
New sign-in from Chrome on Windows
You received this message because someone from an unknown location tried to access your Microsoft Account. click here to disconnect  from all devices.
Hi,
Your Microsoft Account was just used to sign in from Chrome on Windows.

User
Unrecognized.

Windows
Thursday, August 21, 2018 (Central Standard Time)
Murfreesboro, TN, USA*
Chrome
Don't recognize this activity?
Review your recently used devices  now.

Why are we sending this? We take security very seriously and we want to keep you in the loop on important actions in your account.
We were unable to determine whether you have used this browser or device with your account before. This can happen when you sign in for the first time on a new computer, phone or browser, when you use your browser's incognito or private browsing mode or clear your cookies, or when somebody else is accessing your account.
Best,
The Microsoft Accounts team
*The location is approximate and determined by the IP address it was coming from.
This email can't receive replies. To give us feedback on this alert, click here.
For more information, visit the Microsoft Accounts Help Center.

You received this mandatory email service announcement to update you about important changes to your Microsoft product or account.

© 2018 Microsoft Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

What's wrong with this email?

1. This email came from a compromised internal NECC account. So while the email may look like it's from a genuine source, it is in fact a fraudulent phishing attempt.

2. NECC does not provide users with "Windows Accounts" - ITS would never refer to your pc/email/MyNECC account as your "Windows Account".

3. The email is signed by the "Microsoft Team" however it's sent from an internal user. The internal user does not work for Microsoft, they work here at NECC.

4. If you hover (place your mouse pointer, but don't click) over the "click here to disconnect" or the "recently used devices" text, you'll see that the link they want you to click on will be taking you to http://th-de.com/mass. You will see there is no ".necc.mass.edu" in the URL, no mention of even NECC. This is a clear indication of a phishing attempt to gain your credentials.
Tweet
Share
Pin
Share
0 Shares
Christopher
Christopher
X