Attackers and scammers have been busy luring Office 365 users.
Some phishing campaigns use renewal warning messages; others even try to use Office 365 voicemails to steal your data.
They even use calendar invites to break into the accounts of the growing number of work-from-home users.
The phishing campaign targets secure email gateways (SEGs)
The Cofense Phishing Defense Center (PDC) researchers who spotted this campaign describe the modus operandi of the phishing:
At first glance, the user will see This message was sent with High Importance. Again, the from address contains the word security and the subject talks about a Recent Policy Change, creating urgency to click and handle the matter immediately.
The attacker is using Google Ad Services to redirect users, so the person or organization behind it probably paid to have the URL go through an authorized source.
According to Cofense, this bypasses secure email gateways and exposes users to the phish.
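One way a mail filter could look past an ad-service wrapper is to decode the landing URL it carries and check that against an allowlist. The sketch below is an added example, not code from Cofense or from the campaign; the redirector host, its `adurl` parameter, the trusted-domain list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import parse_qs, urlsplit

# Assumptions, not from the article: the redirector host, its landing-URL
# parameter, and the domains this organization treats as trusted.
REDIRECTORS = {"www.googleadservices.com": "adurl"}
TRUSTED = ("microsoft.com", "office.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def unwrap(url, max_hops=5):
    """Resolve known redirector wrappers offline; return (final_url, hops)."""
    hops = 0
    while hops < max_hops:  # bounded, so nested wrappers cannot loop forever
        parts = urlsplit(url)
        param = REDIRECTORS.get((parts.hostname or "").lower())
        target = parse_qs(parts.query).get(param, [None])[0] if param else None
        if not target:
            break
        url, hops = target, hops + 1
    return url, hops

def suspicious_links(raw_message):
    """Return (link, landing_url) for wrapped links that land off the allowlist."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            url = url.replace("&amp;", "&")  # undo HTML attribute escaping
            final, hops = unwrap(url)
            if hops and not is_trusted(urlsplit(final).hostname):
                findings.append((url, final))
    return findings

# Constructed sample message, not taken from the campaign.
SAMPLE = """From: security@mail.example.test
Subject: Recent Policy Change
Content-Type: text/html; charset=utf-8

<a href="https://www.googleadservices.com/pagead/aclk?id=1&amp;adurl=https%3A%2F%2Flogin.phish.example%2Fterms">Accept</a>
<a href="https://www.microsoft.com/servicesagreement">Learn More</a>
"""
```

Calling `suspicious_links(SAMPLE)` reports only the wrapped link, because its decoded landing host is not on the allowlist; the direct Microsoft link is left alone.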
If you click on either of the buttons presented, you are redirected to a duplicate of the real Microsoft page.
The next step is another redirect, this time to a fake Microsoft login page. Needless to say, if you enter your credentials there, you hand them to the attacker.
Nothing raises a red flag, since the next message on the screen assures you that you have updated the terms, and this time you are redirected to the legitimate Microsoft page, their Service Agreement.
How to stay safe? Be extremely careful when clicking on unsolicited e-mails and links.