Series of phishing attacks launched via brandjacked Office 365 emails

Posted by Akankasha Dewan on 11 October 2018 17:45:57 AEDT

MailGuard has identified 3 similar types of phishing emails making their way into inboxes on late Thursday morning.

The emails are titled as follows: 
7 unread emails for <recipient>
Synchronization was unsuccessful
Office 365 Email Security Verification

Screenshot from 2018-10-11 15-15-23 (004)

All three scams use very similar messages. They are all short plain text, advising the recipient that there was a problem with their mailbox.

Screenshot from 2018-10-11 15-13-02 (004)

The emails actually came from multiple compromised email addresses.

 Screenshot from 2018-10-11 15-14-07 (004)

To solve this problem, the emails encourage users to click a link to recover or read messages.

Unsuspecting victims who click on the link are led to a copy of the Office 365 Log In Page, that is hosted on multiple compromised websites.

This is actually a phishing page, designed to steal the recipient’s email address and password.

Screenshot from 2018-10-11 15-17-45 (002)

How can you protect yourself from these types of email scams?

  • Check who it was sent by. Examine the sender or reply-to address and check that it hasn’t been sent from a similar, but recently-registered domain.
  • Be alert for strange sentence structure, or phrasing uncommon to the apparent sender.
  • Never sidestep formal processes for payments. If in doubt, ring the apparent sender. If they’re not available, wait until they are. A funds transfer is better to arrive later than to be lost without a trace to an overseas cybercriminal.
  • Implement scam-proof approvals processes for financial transfers such as two-factor authentication, which requires two employees to sign off on wire transfers
  • Education is imperative. Teach staff and employees what fraudulent emails look like. 
  • Ensure your email security is up to scratch. A cloud-based, threat detection service such as MailGuard will protect your staff in real-time from targeted attacks, without the dangerous time-lag common with signature-based antivirus vendors.

For a few dollars per staff member per month, add MailGuard's cloud-based email filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Stay up-to-date with new posts on the MailGuard Blog by subscribing to our email updates. 

Keep Informed with Weekly Updates


Topics: Phishing email fraud Threat Update office365 credential stealing emailscam fastbreak

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all