Sophisticated phishing email targets Microsoft Office users
DigitalXRAID’s Security Operations Centre Analysts have spotted an ongoing series of phishing attacks that use fake Office 365 notifications to attempt to gain access to Microsoft Office accounts. The emails ask recipients to review blocked spam messages and link users directly to a phishing landing page built to steal their Microsoft credentials.
What makes the phishing emails so convincing is that they are sent to their targets using the quarantine[at]messaging.microsoft.com email address and template, with a display name that matches the recipient’s domain.
This phishing attack is one of the most sophisticated attempts at imitating a Microsoft email that we’ve ever seen, and we want to be sure that everyone, not just OUR customers to whom we’ve already sent alerts, remains vigilant. The email is made to look like an innocuous spam quarantine message – something most people are used to seeing, but don’t pay a lot of attention to and wouldn’t necessarily question. The email also preys heavily on a user’s sense of curiosity by stating that they have quarantined messages without showing what they are within the email message itself.
What action can you take?
We advise all clients, partners, associates and readers to exercise caution when opening any unexpected emails. As always, ensure that the sender is legitimate and trusted before following any links or opening any attachments.
Always remember:
- Question emails and check for spelling and grammatical errors
- Remember to hover over (but don’t click on) hyperlinks that look suspicious to see where they go
- Double check links and email addresses to make sure they’re the real thing and not a fake look-alike
If in doubt, check with your IT team or SOC team. We also advise any Microsoft Office users to raise awareness with their staff as a preventative measure.
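For IT or SOC teams triaging reported messages, the manual checks above (hovering over links, comparing the display name with the real sender) can be scripted. The Python below is an added example, not DigitalXRAID tooling; the `TRUSTED_SUFFIXES` allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

QUARANTINE_SENDER = "quarantine@messaging.microsoft.com"  # address named in the advisory
# Assumption: link hosts treated as genuine Microsoft; replace with your own allowlist.
TRUSTED_SUFFIXES = ("microsoft.com", "office.com", "office365.com")

class LinkCollector(HTMLParser):  # records (visible text, href) per <a>: a scripted "hover"
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def review_message(raw):
    msg, findings, parser = message_from_string(raw), [], LinkCollector()
    display, sender = parseaddr(msg.get("From", ""))
    rcpt_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    if rcpt_domain and rcpt_domain in display.lower() and not sender.lower().endswith("@" + rcpt_domain):
        findings.append("display name uses recipient domain but sender is external")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for text, href in parser.links:
        host = urlparse(href).hostname
        if sender.lower() == QUARANTINE_SENDER and not trusted(host):
            findings.append(f"quarantine notice links to untrusted host {host}")
        shown = urlparse(text).hostname if text.lower().startswith("http") else None
        if shown and shown != host:
            findings.append(f"link text shows {shown} but goes to {host}")
    return findings
# Constructed sample message, not taken from the campaign.
SAMPLE = '''From: "example.com Quarantine" <quarantine@messaging.microsoft.com>
To: user@example.com
Content-Type: text/html; charset="utf-8"

<a href="https://login.review.example/q">https://www.office.com/</a>
'''
```

The sender address on its own is not treated as evidence either way, since these emails use the genuine-looking quarantine address; the findings come from where the links actually lead and from the display name.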
DigitalXRAID Analysts continue to monitor the situation and will provide updates should further details become available.
If you think you’ve suffered a breach or are under attack and need emergency help, call or email us now. We’re open 24 hours a day, 7 days a week.