Office 365 branding exploited in new phishing attack

Posted by Emmanuel Marshall on 06 August 2018 12:23:24 AEST

 

Microsoft’s stature as a trusted household name makes them a lucrative brandjacking target for cybercriminals.

This latest phishing attack - shown in the screenshot above - uses the “Office 365” trademark to persuade recipients that the email is legitimate and get them to click on the “recover messages” link.

The link actually directs victims to the phishing page shown below:

180806-office365-2

This page is a fake Microsoft login portal set up by the criminals to harvest their victim’s login credentials.

The cunning thing about this phishing scam is that once the victim has entered their username and password, the fake login page redirects them to a genuine Microsoft website, so they think that nothing is amiss. Meanwhile, the criminals have collected their login credentials and are able to steal their online identity for all kinds of nefarious purposes, like fraud, invoice falsification and malware spamming.

Please help us to warn people about this cyber-attack by sharing this blog post on your social media.

 

What is "phishing?"


Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain. 

Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.

A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.

Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services. 

In a typical phishing scam criminals create email templates that look like messages from big companies, like Microsoft. This practice is known as brandjacking.
When a brandjacking message shows up in a victim’s inbox they feel safe opening it because it looks like a legitimate email from a familiar company.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates

 


 

Topics: Phishing threat protection microsoft brandjacking email scams Threat Update office365

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all