A phishing campaign is targeting users of Outlook.com, potentially affecting the 400 million users who use the free email service, according to the cybersecurity firm Malwarebytes.
Users are warned that an email purporting to be from Microsoft is circulating that threatens to disable their account unless they verify it, with a link in the email putting the victim through to a website that steals their details.
The email reads: "Dear Microsoft User, Please note we have temporary blocked your account from receiving e-mails, because we detected fraudulent and spam, activities from your mail box to some blacklisted email address, So for your own safety verify your account. [sic]
"If a verification respond is not gotten from you in the next 24 hours, we are sorry we will be forced to permanently disable and delete your account from Microsoft Account."
On clicking the email, users are redirected to a phishing page that accurately mimics the look of the legitimate Outlook.com website, in contrast to the sloppy grammar in the email that is often the mark of campaigns aiming to steal logins.
The campaign also makes use of data uniform resource identifier (URI), which allows hackers to bypass anti-phishing defences such as web filtering and obscures the attack from most casual users.
Christopher Boyd, malware intelligence analyst at Malwarebytes, warned users to be suspicious of "any email asking you to login or enter personal information", especially if it involves the threat of suspension or mentions unusual activity.
