Attackers used Office 365 voicemails as phishing bait

by Don Sharpe
Don Sharpe
Don Sharpe
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • Reports from multiple cybersecurity firms show that Office 365 users are increasingly being targeted with phishing emails.
  • Hackers used Oxford University servers to send phishing emails to Office 365 users..
  • Phishing attacks are on the rise, and organizations have to get smarter to beat them. Check out our Cybersecurity page for actionable insights!
  • Don't forget to visit the Security & Privacy for updates and more.
Oxford University server phishing emails

To fix various PC problems, we recommend DriverFix:
This software will keep your drivers up and running, thus keeping you safe from common computer errors and hardware failure. Check all your drivers now in 3 easy steps:

  1. Download DriverFix (verified download file).
  2. Click Start Scan to find all problematic drivers.
  3. Click Update Drivers to get new versions and avoid system malfunctionings.
  • DriverFix has been downloaded by 0 readers this month.

Reports from multiple cybersecurity firms show that Office 365 users are increasingly being targeted with phishing emails.

The phishing attacks are sometimes too sophisticated to detect or stop even using advanced anti-spam filters. That’s partly because cyber criminals are using legitimate domains to send their malicious emails.

An Office 365 phishing campaign that Check Point uncovered recently is enough proof that organizations need to deploy smarter cybersecurity tools to thwart such attacks.

Office 365 voicemail attacks

In this particular Office 365 phishing campaign, targets received email notifications about missed voice messages. The emails prompted them to click a button under the impression that it would take them to their legitimate Office 365 accounts.

But clicking the link redirects the user to a phishing page disguised as the genuine Office 365 sign-in page. This is where the attackers steal the victim’s Office 365 login credentials.

What’s surprising here is the fact that anti-phishing tools should usually detect email links with patterns like that. So, you may wonder how exactly these attackers deploy such malicious redirects and payloads undetected.

The answer is simple: the bad actors include legitimate platforms in their plans. In this case, the attackers sent harmful emails from addresses belonging to genuine servers in the University of Oxford (UK).

Using legitimate Oxford SMTP servers allowed the attackers to pass the reputation check for the sender domain. In addition, there was no need to compromise actual email accounts to send phishing emails because they could generate as many email addresses as they wanted.

However, there are several steps you can take to protect your employees from phishing attacks:

  • Educate your staff about phishing and password safety.
  • Install email-scanning software that can detect messages with malicious payloads.
  • Keep your operating system update. Most importantly, always install Patch Tuesday security updates from Microsoft (they’re free of charge).
  • Install an up-to-date antivirus solution.

Does your organization use Office 365? How do you deal with the ever-growing phishing threat? Feel free to share your tricks and methods via the comments section below.

idee restoro Still having issues? Fix them with this tool:
  1. Download this PC Repair Tool rated Great on (download starts on this page).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues with Patented Technologies (Exclusive Discount for our readers).

Restoro has been downloaded by 0 readers this month.

This article covers:Topics: