Phishing email spoofing Office 365 asks users to review “quarantined messages”

Posted by Akankasha Dewan on 07 April 2020 17:21:35 AEST

MailGuard has intercepted a phishing email masquerading as a notification from Office 365. It is designed to gain access to confidential data, like users’ usernames and passwords.

Using a display name of “eReport”, the malicious email is titled “Failure Notification” and purports to come from Office 365. It is actually sent from a single compromised email address. The email body includes a customised greeting addressed to the recipient’s display name. It informs the recipient that several quarantined messages are in their “quarantine portal”. Users are directed to “review these” by clicking on a provided link.

Here is a screenshot of the email:

[Image: screenshot of the phishing email]

Unsuspecting recipients who click on the link to review their messages are redirected to a legitimate-looking copy of the Office 365 login page.

[Image: screenshot of the fake Office 365 login page]


This is actually a phishing page designed to harvest users’ Office 365 usernames and passwords.

Cybercriminals frequently exploit the branding of global companies like Microsoft in their scams, because the good reputation of these companies lulls victims into a false sense of security. Because of its large number of users globally, Microsoft is a regular victim of these scams. In this particular scam, the link in the email does not lead to the phishing page directly; it redirects users to it. This is done to keep email security filters from detecting the phishing page.

The phishing email contains several typical elements that attempt to trick recipients into falling for the scam:

  • use of a major brand name to inspire false trust: the words “Office 365” appear in bold text at the top of the email body,
  • customised greetings that suggest the email isn’t a generic notification but one directed specifically to the recipient,
  • high-quality branding elements and links like ‘Forgot your password?’ on the login page, which is what users typically expect of a well-established tech company such as Microsoft,
  • an attempt to alarm: a subject line like “Failure Notification” creates a sense of alarm and urgency, motivating the recipient to click on the malicious link.

Despite these elements, the email itself contains several tell-tale signs that are common in fraudulent emails and should help eagle-eyed recipients spot its illegitimacy. These include the fact that the ‘from’ field doesn’t use a familiar domain, as well as spacing and formatting errors.
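The ‘from’ domain mismatch described above can also be checked mechanically. The following is an added example, not MailGuard's detection logic: it flags a message that invokes the Office 365 brand while its sender domain or link hosts fall outside an assumed allow-list of Microsoft domains. The sample message, its sender address and its link are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: a short allow-list of Microsoft-owned domains; extend for real use.
BRAND_DOMAINS = {"microsoft.com", "office.com", "office365.com", "microsoftonline.com"}
BRAND_PATTERN = re.compile(r"office\s*365|microsoft", re.I)
URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample modelled on the alert; sender address and link are placeholders.
SAMPLE = """\
From: eReport <accounts@sender.example>
To: Jane Citizen <jane@corp.example>
Subject: Failure Notification
Content-Type: text/plain

Office 365

Hello Jane Citizen,
You have several messages held in your quarantine portal.
Review these: https://redirector.example/r?id=123
"""

def registrable(host):
    """Crude last-two-labels domain; a real filter would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_brand_domain(host):
    return registrable(host) in BRAND_DOMAINS

def triage(raw):
    """Return a list of findings for a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    claims_brand = bool(BRAND_PATTERN.search(f"{display} {msg.get('Subject', '')} {body}"))
    findings = []
    from_domain = addr.rpartition("@")[2]
    if claims_brand and not is_brand_domain(from_domain):
        findings.append(f"brand claimed but From domain is {from_domain}")
    for url in URL_PATTERN.findall(body):
        host = urlparse(url).hostname or ""
        if claims_brand and not is_brand_domain(host):
            findings.append(f"link host {host} is not a brand domain")
    return findings
```

Because the link host is judged on its own, the check fires on the intermediate redirect link without needing to fetch the final phishing page.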

We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.



