so what is this?

This is a page dedicated to something I could easily build & use, but never would. Microsoft has a really crappy login page, easily reproducible by even the most amateur web developer. I know this because I've done it... well except the part where it sends off your infrormation.

well, you've build it though?

Yes, I have built the PAGE, mostly as a proof of concept, what I haven't built an email scraper or written scam email to send to unsuspecting victims from a legitimate-looking email domain. That would be evil, in the sense of "profoundly immoral", among many other things, including being illegal.

why put the idea out there then?

This isn't my idea. This is already happening far more often than you probably suspect. I simply wanted to prove that, yes if I wanted to, I could do it too. I also want to bring-to-light how easy it would be for someone with far more malicious intent to make something like this to steal information.

how to protect yourself

First & foremost, ALWAYS use unique password for every website you visit. This means that if one of your accounts gets compromised, it's not going to affect any of your other accounts. Memorising all these passwords can be difficult so a password manager is definitely recommended.
Learn more about password managers here.

Using 2FA would also protect you from a phishing scam like this. Like my page, it only asks for an email/username & password, so if I did record those details & tried to login, I would be able to as I would need a 2FA code from your email, text messages or authenticator app.
Learn more about 2-Factor-Authentication here.


LLastly, always check the domain or phone number from which a message is sent. Big services like Google & Microsoft will always email from their corresponding email domains (e.g. Google.com & Microsoft.com). To check to see if a phone number is legitimate you can use services like "Who Called Me?", a site where other users can rate phone numbers if they are legit or likely to be scams.
Learn how to spot a scam here.