Microsoft’s stature as a trusted household name makes them a lucrative brandjacking target for cybercriminals.
This latest phishing attack - shown in the screenshot above - uses the “Office 365” trademark to persuade recipients that the email is legitimate and get them to click on the “recover messages” link.
The link actually directs victims to the phishing page shown below:
This page is a fake Microsoft login portal set up by the criminals to harvest their victim’s login credentials.
The cunning thing about this phishing scam is that once the victim has entered their username and password, the fake login page redirects them to a genuine Microsoft website, so they think that nothing is amiss. Meanwhile, the criminals have collected their login credentials and are able to steal their online identity for all kinds of nefarious purposes, like fraud, invoice falsification and malware spamming.
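The redirect to a genuine Microsoft page leaves a trace defenders can hunt for: a credential POST to an unfamiliar host, followed shortly by a redirect from that same host to a real Microsoft sign-in domain. The sketch below is an added example, not MailGuard's own tooling; the log layout, the trusted-domain list, the 120-second window and the `.example` hostnames are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains treated as genuine Microsoft sign-in properties; adjust to your estate.
TRUSTED = ("microsoft.com", "microsoftonline.com", "live.com", "office.com")
WINDOW = 120  # assumed max seconds between the credential POST and the redirect

def host(url):
    return (urlsplit(url).hostname or "").lower()

def trusted(h):
    # Exact domain or a true subdomain; "microsoftonline.com.evil.example" does not match.
    return any(h == d or h.endswith("." + d) for d in TRUSTED)

def find_harvest_redirects(lines):
    """Return (client, untrusted_host, redirect_target) for each suspicious sequence."""
    last_post = {}  # (client, host) -> time of the latest POST to an untrusted host
    hits = []
    for line in lines:
        ts, client, method, url, status, location = line.split()
        ts, h = int(ts), host(url)
        if trusted(h):
            continue  # sign-in traffic to the genuine service is not of interest here
        if method == "POST":
            last_post[(client, h)] = ts
        posted = last_post.get((client, h))
        # A 3xx from the untrusted host that lands on a genuine Microsoft domain,
        # soon after the same client POSTed to that host.
        if (status.startswith("3") and location != "-" and trusted(host(location))
                and posted is not None and ts - posted <= WINDOW):
            hits.append((client, h, location))
            del last_post[(client, h)]
    return hits

# Constructed sample proxy log. Fields: epoch client method url status location
SAMPLE_LOG = [
    "1533520000 10.0.0.5 GET https://portal-recover.example/o365/login 200 -",
    "1533520030 10.0.0.5 POST https://portal-recover.example/o365/verify 200 -",
    "1533520035 10.0.0.5 GET https://portal-recover.example/o365/done 302 https://login.microsoftonline.com/",
    "1533520100 10.0.0.7 POST https://login.microsoftonline.com/common/login 302 https://outlook.office.com/",
    "1533520200 10.0.0.8 POST https://shop.example/cart 302 https://shop.example/checkout",
    "1533520300 10.0.0.9 POST https://login.microsoftonline.com.evil.example/a 302 https://login.live.com/",
]

if __name__ == "__main__":
    for hit in find_harvest_redirects(SAMPLE_LOG):
        print(hit)
```

Legitimate third-party sites that offer Microsoft sign-in produce the same pattern, so hits are leads for triage rather than verdicts. A redirect performed in page script rather than by an HTTP 3xx response will not appear in the Location field and needs Referer-based correlation instead.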
#ZERODAY #FASTBREAK Email #brandjacking #Office365, claims you have failed ‘incoming mails’ with a link to a #Microsoft branded #phishing site. After entering login details, site claims account is ‘verified’ & redirects to the real @Office365 login page. https://t.co/cqzMRFWiwk pic.twitter.com/701kdxjanK— MailGuard (@MailGuard) August 6, 2018
What is "phishing?"
Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain.
Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.
A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.
Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services.
In a typical phishing scam criminals create email templates that look like messages from big companies, like Microsoft. This practice is known as brandjacking.
When a brandjacking message shows up in a victim’s inbox they feel safe opening it because it looks like a legitimate email from a familiar company.