Our security team and help desk are tracking an alarming uptick in Office 365-related phishing emails targeting Exchange Online customers.
Bad actors appear to be targeting Office 365/Exchange Online users with fake warnings of data loss, message non-delivery, and/or account suspension.
The message content purports to contain technical information beyond the average user’s technical understanding or experience, but offers a hyperlink to resolve the issue. The links do not go to sites related to the Microsoft cloud. Instead, the trend suggests that they point to randomly selected compromised hosts on the internet serving pages designed to trick the user into entering their Exchange Online/Office 365 username and password.
Below is an actual specimen:
Upon a cursory glance, the email might seem legitimate to many users.
However, closer inspection will bring to light little quirky bits that add up to a phony totality.
- The sender’s email address is bogus.
- The message is one run-on sentence with improper capitalization. Because many attackers are from foreign countries, stilted English can be a big giveaway of a scam.
- The subject is about an email not being sent, but the message is about email archiving.
- The note in the footer also sounds like it was written by someone whose native language is not English.
“If an email looks fishy, take a moment before clicking anything,” advises Jay Winks, InCare’s NOC manager. “Furthermore, anytime you’re taken to a page that wants your credentials, verify that the site is what it purports to be both in visual branding and in its address/URL. If needed, ask your IT department or your managed security provider to provide assistance validating the authenticity of any suspicious email and/or site.”
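The address check described above can be automated for a help desk triaging reported messages. The following is an added example, not InCare's tooling or code from the original post: it extracts every link from an HTML email body and flags those whose real host is outside a trusted set. The domain list, function names and sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: illustrative, non-exhaustive list of Microsoft sign-in/Office domains.
TRUSTED_SUFFIXES = ("microsoftonline.com", "office.com", "office365.com", "microsoft.com")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(url):
    """True only for https URLs, without user@ info, on a trusted domain or subdomain."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    ok_host = any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)
    return ok_host and parts.scheme == "https" and parts.username is None

def suspicious_links(html_body):
    """Return (href, reason) for each link that leaves the trusted set."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        if not is_trusted(href):
            shown = text if "://" in text else "https://" + text
            reason = "text/href mismatch" if is_trusted(shown) else "untrusted host"
            findings.append((href, reason))
    return findings

# Constructed sample body (not the specimen from this page); hosts are reserved test names.
SAMPLE = """<a href="http://203.0.113.7/owa/">Resolve Now</a>
<a href="https://login.microsoftonline.com.portal.example/signin">https://login.microsoftonline.com</a>
<a href="https://login.microsoftonline.com@portal.example/">Sign in</a>
<a href="https://outlook.office.com/mail/">Open Outlook</a>"""
if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The suffix match requires a dot boundary, so a trusted name used as a prefix of another domain or placed before an `@` does not pass.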
InCare is an industry-recognized MSP and IT company providing computer networking and security services. We’re headquartered in Birmingham, AL, with offices in Montgomery, AL and Jackson, MS.