Careful not to click through on the latest email phishing scam impersonating Microsoft Office 365 today. The first run of the attack began hitting email inboxes between 8-10am AEST Friday.
A simple HTML email with the subject reading ‘Office 365 Email Account Verification’ alerts recipients that they have an ‘important security message’ and asks that they click on the link to ‘Read the messsage’
Like previous Office 365 scams, when the victim clicks on the link in the email they are taken to a fake website, pretending to be a portal for Microsoft Office 365.
MailGuard identified and blocked a similar Office 365 email scam on Wednesday this week: https://www.mailguard.com.au/blog/office365-phishing-attack-failure-to-sync
Cyber-criminals frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target.
Anyone who follows the link in this phishing email will be asked to enter their login credentials on the fake Microsoft website. Once the scammers have successfully collected the victim’s username and password they pass the victim on to the legitimate Office 365 website, to avoid arousing suspicion.
Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.
For a few dollars per staff member per month, add MailGuard's cloud-based email filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Stay up-to-date with new posts on the MailGuard Blog by subscribing to our email updates.