Cybercriminals brandjacked Office 365 and sent bogus emails to recipients on Tuesday afternoon as part of a phishing attack.
The emails, seemingly sent from ‘Messages Portal Centre Messages Portal Centre’ trick recipients into thinking that their account has been put on hold until they ‘confirm activity’.
It encourages users to click on a View ‘Activity’ link that leads to a compromised website.
The website page opens to a fake Office 365 login page. Users are then instructed to enter their password on this page to proceed further.
The scam is a classic example of a phishing attack that cybercriminals launch in a bid to steal confidential passwords from recipients.
How to avoid getting scammed
Phishing attacks can be enormously costly and destructive and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company, now.
Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious or unfamiliar don’t open them.
9 out of 10 cyber-attacks are delivered via email, so it's essential to have the best filtering service available.