Dec 6, 2021

Convincing Microsoft phishing uses fake Office 365 spam alerts

A persuasive and ongoing series of phishing attacks is using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials.
What makes these phishing emails especially convincing is the use of quarantine[at]messaging.microsoft.com to send them to potential targets and the display name matching the recipients’ domains.
Additionally, the attackers have embedded the official Office 365 logo and included links to Microsoft’s privacy statement and acceptable use policy at the end of the email.
Luckily, the phishing messages come with text formatting issues and out-of-place extra spaces that would allow spotting these emails’ malicious nature on closer inspection.
“The email subject is ‘Spam Notification: 1 New Messages,’ alluding to the body of the email that informs the recipient that a spam message has been blocked and is being held in quarantine for them to review,” cloud email security provider MailGuard, which spotted this campaign, said.
“Details of the ‘Prevented spam message’ are provided, with scammers personalizing the subject heading as ‘[company domain] Adjustment: Transaction Expenses Q3 UPDATE’ to create a sense of urgency and using a finance-related message.”
The targets are given 30 days to review the quarantined messages by going to Microsoft’s Security and Compliance Center by clicking on an embedded link.
However, instead of reaching the Office 365 portal when clicking the ‘Review’ button, they are sent to a phishing landing page that will ask them to enter their Microsoft credentials to access the quarantined spam messages.
After entering their credentials in the malicious form displayed on the phishing page, their accounts’ details get sent to attacker-controlled servers.
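The traits described above can be checked mechanically on a received message. The following triage sketch is an added example, not code from MailGuard or Microsoft; the trusted host suffixes, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

LURE_SENDER = "quarantine@messaging.microsoft.com"  # address reported in the article
# Assumption: host suffixes treated as genuine Microsoft portals; adjust per tenant.
TRUSTED_SUFFIXES = ("microsoft.com", "office.com", "office365.com")

def link_hosts(html):
    """Return the lowercase hostname of every href found in the body."""
    hrefs = re.findall(r'href\s*=\s*["\']([^"\']+)["\']', html, flags=re.I)
    return [(urlparse(h).hostname or "").lower() for h in hrefs]

def is_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def quarantine_lure_indicators(raw, recipient_domain):
    """List which traits of this campaign a raw RFC 5322 message shows.
    No single trait is conclusive; the combination is what deserves review."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    hits = []
    if addr.lower() == LURE_SENDER:
        hits.append("sender_is_quarantine_address")
    if recipient_domain.lower() in display.lower():
        hits.append("display_name_matches_recipient_domain")
    if re.match(r"\s*Spam Notification:\s*\d+\s+New Messages", str(msg["Subject"]), re.I):
        hits.append("spam_notification_subject")
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    if any(h and not is_trusted(h) for h in link_hosts(content)):
        hits.append("link_outside_trusted_hosts")
    return hits

# Constructed sample message; landing.example.net is a placeholder host.
SAMPLE = """\
From: "example.com" <quarantine@messaging.microsoft.com>
To: user@example.com
Subject: Spam Notification: 1 New Messages
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Prevented spam message</p>
<a href="https://landing.example.net/review">Review</a>
<a href="https://privacy.microsoft.com/privacystatement">Privacy</a>
</body></html>
"""
```

The footer link to a real Microsoft page does not suppress the finding, because every link in the body is evaluated, not just the first one.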
If they fall victim to these tricks, the victims’ Microsoft credentials will later be used by the cybercriminals to take control of their accounts and gain access to all their information.
“Providing your Microsoft account details to cybercriminals means that they have unauthorised access to your sensitive data, such as contact information, calendars, email communications, and more,” MailGuard added.
Office 365 users are continuously targeted in phishing campaigns attempting to harvest their credentials and use them in fraudulent schemes.
Microsoft revealed in August that a highly evasive spear-phishing campaign targeted Office 365 customers in multiple waves of attacks beginning in July 2020.
In March, the company also warned of a phishing operation that had stolen roughly 400,000 OWA and Office 365 credentials since December 2020 and later expanded to abuse new legitimate services to circumvent secure email gateway (SEG) protections.
In late January, Redmond further notified Microsoft Defender ATP subscribers of an increasing number of OAuth phishing (consent phishing) attacks targeting remote workers.
If successful, phishing attacks can lead to identity theft and fraud schemes, including but not limited to Business Email Compromise (BEC) attacks.
For instance, since last year, the FBI has warned of BEC scammers abusing popular cloud email services, including Microsoft Office 365 and Google G Suite, in Private Industry Notifications issued in March and April 2020.
The US Federal Trade Commission (FTC) has also revealed that the number of identity theft reports doubled last year compared to 2019, reaching a record of 1.4 million reports within a single year.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved