A new phishing campaign is targetting Office 365 users with spam alerts

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • If you value your privacy and sensitive data, be careful with Office 365 spam emails.
  • Security experts uncovered a new ongoing phishing method that is highly persuasive.
  • Shady third-parties are actually using of quarantine[at]messaging.microsoft.com.
  • Be extremely careful when clicking untrusted links provided by unofficial sources.
office 365 phishing

It really hasn’t been that long since we last spoke about phishing campaigns actively being ran by malicious third parties, that target Office 365 users.

Either in the form of an urgent response type alert, or by adding QR codes to some emails, hackers will stop at nothing to get their hands on your sensitive data, money, etc.

Recently, a persuasive new series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials.

Careful when opening Spam emails

If you were windering what exactly makes these phishing emails especially convincing, we will answer your question.

Shady third-parties are actually using of quarantine[at]messaging.microsoft.com to send them to potential targets and the display name matching the recipients’ domains.

Furthermore, the attackers have embedded the official Office 365 logo and included links to Microsoft’s privacy statement and acceptable use policy at the end of the email.

It’s actually a very elaborate scheme, urging the targets to review the quarantined messages in maximmum 30 days, by accesing Microsoft’s Security and Compliance Center from the embedded link.

And, of course, instead of the victims being redirected to th Office 365 portal, they are sent to a phishing landing page that will ask them to enter their Microsoft credentials to access the quarantined spam messages.

Upon entering their credentials in the form located on the phishing page, their accounts’ details get sent to attacker-controlled servers.

If you do fall victim to such schemes, your Microsoft credentials will later be used by the cybercriminals to take control of their accounts and gain access to all their information.

As spotted by MailGuard, providing your Microsoft account details to cybercriminals means that they have unauthorised access to your sensitive data, such as contact information, calendars, email communications, and more.

Needless to say what could happen once malicious third-parties have access to your personal info. That’s why we always urge our readers to exercise safety when online.

Have you also received such phishing emails? Let us know in the comments section below.