Phishing email spoofing Office 365 claims your messages haven’t been delivered

Posted by Akankasha Dewan on 12 July 2019 13:43:05 AEST

Don’t be too quick to believe everything you read in an email, even if they seem urgent and/or require action on your behalf.

MailGuard has detected inboxes all over Australia are being hit by a phishing email scam. Malicious emails purporting to be from Office 365 are being sent via a compromised email address. The body of the message informs recipients that some messages for the recipient have been delayed due to them being identified as spam. It adds that the recipient can review these and choose what happens to them by clicking a link in the email to "Review Message". The ‘from:’ field of the email uses a combination of the recipient’s domain along with the words "Online Support Team."

Here is a screenshot of the email:

Friday 1

Unsuspecting recipients who click on the link in the email are redirected to a Microsoft blob hosted phishing page, designed to look like the actual Office 365 login screen. The user is given the choice to select their account from a list. The list includes the recipient address of the scam, as per the below:

Friday 2

Clicking on their account leads recipients to a similar page asking for their password, as per the below:

Friday 3

Once the password is entered and the recipient clicks login, the page indicates it is loading.

As of the time of MailGuard’s interception, no change was occurring after this stage. The page was simply stuck at ‘loading’, resulting in a dead end for the recipient.

As per other similar scams we’ve seen in the past, several elements have been employed to boost the authenticity of this email scam. There is the impersonation of Office 365’s branding and logo, including high quality graphical elements in the phishing pages of the scam. Within the message body itself are some additional lines to attempt to legitimize the message. At the top of the message, it is stated that the email is is a "Message from {recipients email} Trusted server." The email also includes a Microsoft corporation footer. As these are elements typically expected from a well known organisation such as Microsoft, cybercriminals behind this scam have employed them in order to trick recipients into clicking on the link and submitting their personal details.

Despite these attempts, eagle-eyed recipients would be able to identify the inauthenticity of the email due to several red flags. These include the fact that the email body in itself isn’t well-formatted and contains grammatical & spacing errors.

We encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to click on any suspicious links.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. 
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all