Illinois: (312) 533-4033
Pennsylvania: (814) 333-3117

Indiana: (765) 395-7240
Wisconsin: (262) 686-5070

New Phishing Attack is Hitting Office 365 Accounts

One of the most popular tools for cybercriminals is phishing emails. They send them out relentlessly, hoping that their casted nets are big enough to reel in a few victims here and there, and most times, they are. Phishing emails are where scammers craft emails and websites that look like the real deal and detecting this fraud can be difficult to the untrained eye. A new phishing attack has been designed to steal Microsoft account credentials by sending out emails that look like email non-delivery notifications from Office 365.

Here’s an image of the attack so you’ll know what to look for:

Phishing attacks Microsoft Gold Partner Office 365 Cybercriminals

This campaign was uncovered recently by a honeypot, which is a decoy computer or email account used by experts to lure and trap malware or spam attacks. It starts with an email that pretends to be a non-delivery receipt from Office 365 saying that Microsoft found several undelivered messages in your account. To make it easier for the victim, the phishing email comes with a “Send Again” button which then pulls up a phishing page that looks exactly like the real Office 365 login tool.

The sole purpose of this phishing attack is to steal your Microsoft account password. If you bite and attempt to login, an automated script on the phishing site will capture your information and will then redirect you back to the official Office 365 login page as if everything’s fine and dandy. However, it is not. The damage has been done. The official non-delivery notification simply outlines the steps to fix the problem and it does not have a link to resend the unsent emails. It’s a subtle difference but it’s the meat and bones of this entire phishing attack.

There are millions of phishing emails being sent out at any given time, this Office 365 phishing attempt is just the latest in the collection. As a safety precaution, remember to be cautious with links, watch for typos, use unique passwords, set up two-factor authentication, check online accounts frequently for abnormalities and have a strong and updated security solution. If you need help ensuring your organization is protected or if you have fallen victim to an attack and need assistance, give 2W Tech a call today. We are a full-service IT Consulting firm, Microsoft Gold Partner and specialize in Security solutions.

Read More:

Latest Edition of Epicor Serves Manufacturer Dealer Network

Microsoft Azure Adds Machine Learning Service