Think twice before paying this invoice supposedly from Office 365

Posted by Akankasha Dewan on 25 October 2019 11:02:05 AEDT

A new email scam detected by MailGuard is purporting to be from Office 365 to try and gain the trust of potential victims.

First detected on Wednesday morning (23rd of October 2019), the malicious emails appear using a display name of ‘Microsoft Online Services Team’ and state in the subject that an invoice ‘with Microsoft Office 365 Service is due’.

The email body appears as an official notification from Office 365. It advises recipients that to ‘make payment’, they need to ‘log in’ via a given link. The recipient’s ‘account information’ and ‘payment account number’ is also included.

Here is a screenshot of the email:

invoice 2310_edited

Unsuspecting recipients who click on the link to ‘make a payment’ are led to a fake Microsoft Office-branded login page that requests them to ‘sign in’ using their username and password, as per the below:


This is actually a phishing page designed to harvest confidential information of recipients.

After ‘logging in’ recipients are led to the legitimate portal to log into their accounts.

This email attack is not a very well-designed attack compared to some of the more sophisticated scams we see here at MailGuard.

The email in itself contains spacing errors; a red flag to anyone conscious of email security concerns. For example, the email says, ‘Kindly confirm signed proforma Invoice, we will proceed to arrange your payment accordingly’.

The above email scam is, nevertheless, a great example of how cybercriminals can leverage routine business correspondence to trick unsuspecting recipients. 

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
• Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
• Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including grammatical errors)
• Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate.

For businesses protected by MailGuard, this phishing email is now 100% blocked. 

If you've received this email, delete it immediately without clicking on any links. 

MailGuard urges email users to remember that cybercriminals prey on the brands that we trust and love, like Microsoft. It's wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

Is your business receiving criminal intent emails?

It's time to get the protection your business needs. 

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

Speak to the MailGuard team today to learn more how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month. 

Talk to a solution consultant at MailGuard today about securing your company's network. 


Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates



Topics: Phishing brand exploitation brandjacking fraud ZeroDay spoofing fastbreak Microsoft Office 365

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all