- If you value your privacy and sensitive data, be careful with Office 365 spam emails.
- Security experts uncovered a new ongoing phishing method that is highly persuasive.
- Shady third-parties are actually using of quarantine[at]messaging.microsoft.com.
- Be extremely careful when clicking untrusted links provided by unofficial sources.
It really hasn’t been that long since we last spoke about phishing campaigns actively being ran by malicious third parties, that target Office 365 users.
Recently, a persuasive new series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials.
Careful when opening Spam emails
If you were windering what exactly makes these phishing emails especially convincing, we will answer your question.
Shady third-parties are actually using of quarantine[at]messaging.microsoft.com to send them to potential targets and the display name matching the recipients’ domains.
Furthermore, the attackers have embedded the official Office 365 logo and included links to Microsoft’s privacy statement and acceptable use policy at the end of the email.
It’s actually a very elaborate scheme, urging the targets to review the quarantined messages in maximmum 30 days, by accesing Microsoft’s Security and Compliance Center from the embedded link.
And, of course, instead of the victims being redirected to th Office 365 portal, they are sent to a phishing landing page that will ask them to enter their Microsoft credentials to access the quarantined spam messages.
Upon entering their credentials in the form located on the phishing page, their accounts’ details get sent to attacker-controlled servers.
If you do fall victim to such schemes, your Microsoft credentials will later be used by the cybercriminals to take control of their accounts and gain access to all their information.
As spotted by MailGuard, providing your Microsoft account details to cybercriminals means that they have unauthorised access to your sensitive data, such as contact information, calendars, email communications, and more.
Needless to say what could happen once malicious third-parties have access to your personal info. That’s why we always urge our readers to exercise safety when online.
Have you also received such phishing emails? Let us know in the comments section below.