Daniel McShanag 12 September 2018 18:29:24 AEST 2 MIN READ

New Office365 alert is a phishing attack: 'Failure to sync'

Wednesday morning (AEST), a new email phishing scam started to arrive in inboxes, impersonating Microsoft Office 365. The subject reads: '(5) messages returned - failure to sync.'

The attack consists of a deceptively simple HTML email message, telling the recipient that their email account ‘failed to connect and returned (5) incoming emails.’ Recipients are encouraged to click the ‘Retrieve Messages’ link to get the emails.


If the victim clicks on the link in the email they are taken to a convincing replica which is a fake website, pretending to be a portal for Microsoft Office 365. The scam was detected and blocked by MailGuard.


This first login page is not a real Microsoft website. Although the design of the web page looks legitimate, this is a fake website used by hackers to collect login data from unsuspecting victims.

Upon entering a password, the user is first told their password is incorrect and to enter it again.


When the recipient enters their password a second time, the account is "verified" and they're redirected to the actual Microsoft account sign in page.

Screenshot from 2018-09-12 14-36-45

Cyber-criminals frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security. Because of the large number of users globally, Office 365 is a regular victim of these scams. 

Anyone who follows the link in this phishing email will be asked to enter their login credentials on the fake Microsoft website. Once the scammers have successfully collected the victim’s username and password they pass the victim on to the legitimate Office 365 website, to avoid arousing suspicion. 

If you think you may have received this phishing email, check the sender details carefully. The sender details MailGuard identified in the messages that were blocked displayed ‘O365ct’ in the 'From:' field.

Checking the sender details of suspicious emails is one way of verifying whether they are legitimate communications or phishing attacks. Obviously, this bogus email does not originate from a Microsoft email domain.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.

For a few dollars per staff member per month, add MailGuard's cloud-based email filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Stay up-to-date with new posts on the MailGuard Blog by subscribing to our email updates. 

Keep Informed with Weekly Updates