Security researchers are warning of an ongoing phishing campaign that uses fake Office 365 notifications to fool unwitting users. The notifications warn users of blocked spam messages and ask them to review the messages. Of course, the links are nefarious and are loaded with spyware that will steal the users’ Microsoft account details.
These emails are especially dangerous because they look legitimate, with the address quarantine[at]messaging.microsoft.com. Display names also match the domain of the recipient, making them even more believable.
Furthermore, each email has the Office 365 logo and links to Microsoft’s real privacy statement. However, users who pay close enough attention will see some standard problems that give away the nature of the mails, specifically shoddy formatting and strange spaces in the body.
“The email subject is ‘Spam Notification: 1 New Messages,’ alluding to the body of the email that informs the recipient that a spam message has been blocked and is being held in quarantine for them to review,” cloud email security firm MailGuard says. The company found the campaign and reported it.
“Details of the ‘Prevented spam message’ are provided, with scammers personalizing the subject heading as ‘[company domain] Adjustment: Transaction Expenses Q3 UPDATE’ to create a sense of urgency and using a finance-related message.”
When a user clicks a link, they are sent to the landing page of the phishing campaign, which is designed to mimic Microsoft’s Security and Compliance Center. If they enter their Microsoft Account credentials when asked, the details are sent to servers run by the attack group.
“Providing your Microsoft account details to cybercriminals means that they have unauthorised access to your sensitive data, such as contact information, calendars, email communications, and more,” MailGuard adds.
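For mail administrators, the traits described above (sender address, display name matching the recipient's domain, subject line, and links that leave Microsoft's domains) can be checked mechanically. The following is an added example, not code from MailGuard or Microsoft; the trusted-suffix list, the indicator names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: link hosts treated as genuine Microsoft; adjust for your tenant.
TRUSTED_SUFFIXES = ("microsoft.com", "office.com", "office365.com")
SUBJECT_RE = re.compile(r"^Spam Notification: \d+ New Messages?$", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def triage(raw):
    """Return the lure indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    _, rcpt = parseaddr(msg.get("To", ""))
    rcpt_domain = rcpt.rpartition("@")[2].lower()
    hits = []
    # The article says the mail looks legitimate with this address, so the
    # address is recorded as context, not treated as proof on its own.
    if addr.lower() == "quarantine@messaging.microsoft.com":
        hits.append("sender-address")
    if rcpt_domain and rcpt_domain in display.lower():
        hits.append("display-name-matches-recipient-domain")
    if SUBJECT_RE.match(msg.get("Subject", "").strip()):
        hits.append("subject")
    hosts = set()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_maintype() == "text":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            hosts.update(urlparse(u).hostname or "" for u in URL_RE.findall(text))
    untrusted = sorted(h for h in hosts if h and not is_trusted(h))
    if untrusted:
        hits.append("untrusted-link:" + ",".join(untrusted))
    return hits

# Constructed sample message; hosts and recipient are placeholders.
SAMPLE = """\
From: "example.org" <quarantine@messaging.microsoft.com>
To: alice@example.org
Subject: Spam Notification: 1 New Messages

Review: https://review.phish.example/quarantine?id=1
Privacy statement: https://privacy.microsoft.com/en-us/privacystatement
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The link to the real privacy statement does not clear a message: the check flags any host outside the trusted list, so one genuine Microsoft link beside a foreign one still produces a hit.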
Tip of the day: To prevent attackers from capturing your password, Secure Sign-in asks the user to perform a physical action that activates the sign-in screen. In some cases, this is a dedicated “Windows Security” button, but the most common case in Windows is the Ctrl+Alt+Del hotkey. In our tutorial, we show you how to activate this feature.