Attacker uses an Office 365 site to steal user credentials

Don Sharpe
by Don Sharpe
Affiliate Disclosure

  • Hackers set up an Office 365 login page to steal users' Microsoft credentials. 
  • Remote workers using VPNs to securely connect to company networks were a target for the email phishing attacks.
  • You can always visit our Office 365 hub for relevant tips, guides, and news. 
  • Would you like to optimize your company's virtual private network security? Check out the VPN page for practical recommendations and tools!


VPN targeted for cyber attacks

Email phishing may be one of the oldest tricks up the sleeves of any hacker, but it hasn’t run out of fashion yet. For example, a malicious player recently set up an Office 365 phishing base to fraudulently obtain usercredentials.

Pretty much any platform that requires user authentication to allow access can be a target for phishing.

Also, anyone can be a victim, from SaaS customers to OneDrive users.

Malicious actors created an Office 365 email phishing site

5 Best VPNs we recommend

PIA VPN 79% Off
+ 2 free Months
sale-coupon Check offer!
CyberGhost VPN 83% Off (2.25$/Month)
+ 3 free Months
Check offer!
NordVPN 68% Off + 1, 12 or 24 free Months (random prize) Check offer!
SurfShark VPN 83% Off (2.21$/Month)
+ 3 free Months
Check offer!
BullGuard VPN 76% (2.83$)
on 2 Years plan
Check offer!

Hackers sent remote workers malicious email links to fraudulently capture their user credentials, according to an Abnormal Security report.

For starters, they took advantage of the fact that many organizations are currently setting up VPNs to secure internet connections for their work-at-home employees.

The target receives an email disguised as official communication from their employer’s IT department in this phishing attempt.

Next, the target clicks the link in the email, which leads to a VPN configuration that the attacker set up. In the end, the employee lands on a login page hosted on the Office 365 platform.

Since the site looks almost 100% the same as the genuine one, the remote worker, sadly, falls for it.

Therefore, the victim supplies their login details oblivious of the fact that they’re not signing into their employer’s official portal.  So, just like that, the bad actor makes away with the target’s Microsoft credentials.

The attack impersonates a notification email from the IT support at the recipients’ company. The sender email address is spoofed to impersonate the domain of the targets’ respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target’s company, the hyperlink actually directs to an Office 365 credential phishing website.

Here are tips for optimizing your email security:

  • User discretion: Always check the URL of any web form that requires your user credentials.
  • Email security: Use email scanning anti-malware.
  • Windows updates: Always install Windows security updates.
  • Microsoft’s security tools: This can elevate your threat detection capabilities.

Have you ever been a victim of email phishing? Feel free to share your experience in the comments section below.

This article covers:Topics:

There are no comments yet. Please leave a comment

add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

hello i would like to get VPN for a reason some one or 3 million keeps hacking in to people phones or hacking to phone they could try moving it that not good for them to do because i dont like it if u can try to get some one to report this because its wrongof them to see some one gettinyg in to the washed bath room where if i was getting washed even tho i didnt to anyone hacking because its is banned for hacking i been told by govmeant they said you are not allow to hack even you live with your kids or parents that they shouldnt really hack but i do have idea how to stop this hack going around also i think government can stop all users that are hacking will be getting trobule for not listening to the governmeant rules thatv only in uk we do want 3 million people to stop doing them hacks because its really banned for the hacks grovernmeant dosent want anyone doing it also governmeant wants to have a wards with people did them hacks they would see people did hacks governmeant will be talking to them tell them why would they do them hacks its is banned to not hack dont hack if boris finds out that 3 million people are doing them hacks then its no good because i for my i didnt do it so they shouldnt do anymore but this is only warning users that are 3 million people dont even hack anymore governmeant wil be makeing video news about that dont think you can get way with this users