Scam of the Week: Sophisticated Phishing Scam Targets Office 365 Users

December 20, 2018 2:54 pm | Geraldine Strawbridge

Office 365 users are the latest to be targeted with a convincing new phishing scam designed to steal their login credentials.

The scam was uncovered by security researcher Xavier Mertens while he was collecting data from his email ‘honeypots’. A honeypot is a decoy computer system set up to attract and detect cyber-attacks, and it provides valuable information on how cybercriminals operate.

The phishing email is disguised as a non-delivery notification from Office 365, informing the user that Microsoft has detected several undelivered messages on their account. It then prompts the recipient to click on the ‘send again’ link to resend the emails.

Image: Office 365 Phishing Email (Source: Internet Storm Center)


As soon as the user clicks on the link, they are taken straight to a phishing website that impersonates the legitimate Office 365 login page. The site has been set up specifically to harvest login credentials and, as the image below shows, it is extremely convincing and difficult to distinguish from the official Office 365 login page.

Image: Office 365 Phishing website (Source: Internet Storm Center)


Once the victim enters their password, a JavaScript function called ‘sendmails’ relays the information back to the criminals and then redirects the user through to the legitimate Office 365 login URL.

The sophistication of this scam highlights the extra care and vigilance users must take online. The URL should act as a red flag, but to the untrained eye the familiar branding and logos will be enough to trick users into disclosing sensitive information.

To avoid being caught by this or one of the many other online phishing scams, there are a number of steps you should take:

  • Never click on links or download attachments from unknown sources.
  • Always verify the security of a website.
  • Pay close attention to the spelling of the sender's email address; if there are any inconsistencies, delete the email immediately.
  • Ignore and delete emails with poor grammar, spelling or formatting.
  • Reputable companies will never ask you to supply personal information in an email.
  • Use unique passwords to reduce your chance of being hacked.
  • Install the latest anti-virus software on your device and ensure it is regularly updated.
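The "check the URL" advice above can be turned into a mechanical check. The script below is an added example written for this post; it is not code from the article, from MetaCompliance or from the Internet Storm Center. It pulls every link out of an email body, compares the link host against a small allowlist of Microsoft sign-in hosts (login.microsoftonline.com is Microsoft's real sign-in host; the rest of the list and the sample email HTML are constructed for the example), and reports the red flags a trained reader would look for: a lookalike host that merely contains the Microsoft brand name, a raw IP address, a plain-HTTP link, a `user@host` prefix that hides the real host, and link text that shows one address while the link goes somewhere else.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress

# Assumption: hosts Microsoft uses for Office 365 sign-in. login.microsoftonline.com
# is the real sign-in host; treat this set as a list to maintain, not a complete one.
LEGITIMATE_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_allowed_host(host):
    """True if host is an allowlisted sign-in host or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in LEGITIMATE_LOGIN_HOSTS)


def link_warnings(href, text):
    """Return the reasons a link should be treated as a red flag (empty = none found)."""
    warnings = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()

    if parsed.scheme not in ("http", "https"):
        warnings.append(f"unexpected scheme {parsed.scheme!r}")
    elif parsed.scheme == "http":
        warnings.append("link is not HTTPS")

    if not host:
        warnings.append("no host in link")
    elif not is_allowed_host(host):
        warnings.append(f"host {host!r} is not a known Microsoft sign-in host")
        # Lookalike: the brand string buried inside an unrelated registered domain,
        # e.g. login.microsoftonline.com.something-else.test
        if "microsoft" in host or "office" in host:
            warnings.append("Microsoft branding used in a non-Microsoft host")
        try:
            ipaddress.ip_address(host)
            warnings.append("link points at a raw IP address")
        except ValueError:
            pass

    # https://login.microsoftonline.com@other.test/ - the part before '@' is
    # userinfo, not the host, so the real destination is other.test.
    if parsed.username is not None:
        warnings.append("URL contains a user@ prefix that can disguise the real host")

    # Visible text that looks like a URL but points at a different host than href.
    if "." in text and " " not in text:
        shown = urlparse(text if "://" in text else "https://" + text).hostname
        if shown and shown.lower() != host:
            warnings.append(f"link text shows {shown!r} but the link goes to {host!r}")
    return warnings


def audit_email(html):
    """Return [(href, text, warnings)] for every link in the email body."""
    extractor = LinkExtractor()
    extractor.feed(html)
    return [(href, text, link_warnings(href, text)) for href, text in extractor.links]


# Constructed sample modelled on the non-delivery lure described above; the
# hosts are made up and use the reserved .test TLD and a documentation IP range.
SAMPLE_EMAIL_HTML = """
<p>Microsoft found several undelivered messages on your account.</p>
<p><a href="https://login.microsoftonline.com.mail-recovery.test/o365/">Send Again</a></p>
<p><a href="http://203.0.113.10/office/login">https://login.microsoftonline.com</a></p>
<p><a href="https://login.microsoftonline.com/">Sign in to Office 365</a></p>
"""

if __name__ == "__main__":
    for href, text, warnings in audit_email(SAMPLE_EMAIL_HTML):
        print(f"[{'SUSPICIOUS' if warnings else 'ok'}] {text!r} -> {href}")
        for w in warnings:
            print("    -", w)
```

The allowlist comparison is deliberately a suffix match on the whole label (`host == h` or `host.endswith("." + h)`), so `login.microsoftonline.com.mail-recovery.test` is rejected even though it starts with the genuine host name; a naive `"microsoftonline.com" in host` check would have passed it.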

Despite the increasing sophistication of phishing attacks there are a number of ways you can protect yourself online. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combating cyber-crime. Get in touch for further information on how we can help your business.