Seems like since micro-blogging, social networking, and banking sites are the ones commonly targeted by phishers nowadays, one attack pulled itself away from the trend and went for a more direct approach: email accounts.
We’ve recently found a phishing email that informs users to re-configure their Microsoft Outlook through an online procedure. Users are instructed to click on the link to setup, leading them to a phishing website.
Unlike micro-blogging, social networking, or even banking accounts, a user name and password is not enough to take full control of an email account. Mail server information is also necessary, which explains the need for them in the phishing page. Getting hold of such information would gain the phisher total access the affected user’s account, be able to read their emails, possibly steal critical information, or use it to spam other users. Furthermore, using such a widely used email client such as Microsoft Outlook places a large number of end users at risk of getting their email account compromised.