Our security team and help desk are tracking an alarming uptick in Office 365-related phishing emails targeting Exchange Online customers.

Bad actors appear to be targeting Office 365/Exchange Online users with fake warnings of data loss, message non-delivery, and/or account suspension.

The message content purports to contain technical information that would exceed the average user’s technical understanding/experience, but offers a hyperlink to resolve the issue. The links do not go to sites related to the Microsoft cloud and instead the trend suggests that the links target randomly-selected compromised hosts on the internet serving up pages designed to trick the user into entering their Exchange Online/Office 365 username and password.

Below is an actual specimen:

Exchange Online Office 365 Scam Activity email

Upon a cursory glance, the email might seem legitimate to many users.

However, closer inspection will bring to light little quirky bits that add up to a phony totality.

  • The sender’s email is bogus
  • The message is one run-on sentence with improper capitalizations. Because many attackers are from foreign countries, stilted English can be a big giveaway to a scam.
  • The subject is about an email not being sent, but the message is about email archiving.
  • The note in the footer also sounds like it was written by someone whose native language is not English.

“If an email looks fishy, take a moment before clicking anything,” advises Jay Winks, InCare’s NOC manager. “Furthermore, anytime you’re taken to a page that wants your credentials, verify that the site is what it purports to be both in visual branding and in its address/URL. If needed, ask your IT department or your managed security provider to provide assistance validating the authenticity of any suspicious email and/or site.”

InCare is an industry-recognized MSP and IT company providing computer networking and security services. We’re headquartered in Birmingham, AL, with offices in Montgomery, AL and Jackson, MS.



Get a free security consultation
reCAPTCHA is required.



Share This