A new phishing campaign is underway pretending to be from the “Office 365 team,” warning recipients that there has been an unusual amount of file deletions occurring in their account.
The phishing scam, shown below, pretends to be a warning from the Office 365 service stating that a medium-severity alert has been triggered. It then goes on to say that there has been a high amount of file deletions in the recipient's Office 365 account and that they should review the alerts.
If you click on the “View alert details” link, you will be brought to a very real-looking fake Microsoft account login page that prompts you to log in.
Since this page is hosted on Azure, the site is secured with a certificate signed by Microsoft. This adds legitimacy to the scheme by making it appear to be a Microsoft-sanctioned URL. Azure is increasingly being used by scammers for this purpose.
When you enter your password, the email address and password are sent to a web page that is controlled by the attackers. This page saves the credentials, and the phisher later retrieves them.
Once you log in with your credentials, you will be redirected to a legitimate Microsoft portal where you will be prompted to log in again.
In the past we have advised users to closely examine phishing landing pages for suspicious domains. Scammers are now getting even trickier by hosting pages on Azure.
For Microsoft accounts and Outlook.com logins it’s important to remember that the login forms will be coming ONLY from:
- microsoft.com
- live.com
- microsoftonline.com
- outlook.com
If you are presented with a Microsoft login form from any other URL – avoid it!
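The domain rule above expressed as a check, as an added example that is not part of the original article: it compares the parsed hostname, not the raw URL text, against the four listed domains, so lookalike hosts and Azure-hosted pages fail. The function names, the HTTPS requirement and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# The four domains the article lists as the only legitimate sources of login forms.
LEGIT_LOGIN_DOMAINS = ("microsoft.com", "live.com", "microsoftonline.com", "outlook.com")


def is_microsoft_login_url(url: str) -> bool:
    """True only if the URL's host is a listed domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any "user@" prefix and the port
    except ValueError:
        return False  # malformed URL: treat as untrusted
    # Assumption (not stated in the article): a real login form is served over HTTPS.
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".").lower()
    # Match on a label boundary so "notmicrosoft.com" does not pass as "microsoft.com".
    return any(host == d or host.endswith("." + d) for d in LEGIT_LOGIN_DOMAINS)


# Constructed sample URLs (not taken from the campaign) and the expected verdict.
SAMPLES = {
    "https://login.microsoftonline.com/common/oauth2/authorize": True,
    "https://login.live.com/login.srf": True,
    "https://LOGIN.LIVE.COM./": True,                       # case and trailing dot
    "https://constructed-alerts.blob.core.windows.net/index.html": False,  # Azure-hosted
    "https://login.microsoftonline.com.phish.example/": False,  # listed name as a prefix
    "https://login.microsoft.com@phish.example/": False,        # listed name as userinfo
    "https://notmicrosoft.com/": False,                         # suffix without a dot
    "http://login.live.com/": False,                            # not HTTPS
}


def check_samples() -> dict:
    """Run the check over the constructed samples and return url -> verdict."""
    return {url: is_microsoft_login_url(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, verdict in check_samples().items():
        print(("OK   " if verdict else "AVOID"), url)
```

A valid certificate does not change the verdict: the Azure-hosted sample fails because its hostname is not under one of the four listed domains.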
Abrams, Lawrence. “Phishing Emails Pretend to be Office 365 ‘File Deletion’ Alerts.” Bleeping Computer, May 2019.
Approximately 1 MILLION CYBERATTACKS are attempted a day and on average compromised credentials aren’t reported until 15 months after a breach.
Be careful. Be educated! We offer tools that monitor your credentials and raise awareness so that you and your employees will learn to avoid the pitfalls that put your company credentials at risk.
Give us a call to further discuss how we can help in protecting your business against cybersecurity threats, and how we can make technology work for your business.
Call 732.780.8615 or email [email protected]