Phishing attacks using fake Office 365 alerts are underway.

We have learned that a phishing attack is being deployed that uses fake Office 365 notifications to ask recipients to review blocked spam messages and ultimately steal their Microsoft credentials.

Microsoft users are being targeted by rogue “spam notification” emails informing them that their messages have been quarantined by the Security and Compliance Center. This is an attempt by cyber criminals to lure unsuspecting victims into giving up sensitive Microsoft Office 365 information. The attack is unique in that it mimics Microsoft’s email security measures, which can be confusing to users.

What makes these phishing emails particularly convincing is that they are sent to the target from a quarantine[at] address, and the display name matches the recipient’s domain.

In addition, the attacker embeds the official Office 365 logo and includes a link to Microsoft’s Privacy Statement and Acceptable Use Policy at the end of the email.

Fortunately, this phishing message contains text formatting issues and improper spaces that allow us to discern that these emails are malicious.

The body of the message informs the recipient that spam messages have been blocked and quarantined so that the recipient can review them.

The target is asked to click on the embedded link to access Microsoft’s Security and Compliance Center and review the quarantined messages. When they click on the “Review” button, they are not taken to the Office 365 portal. Instead, they are sent to a phishing landing page that asks them to enter their Microsoft credentials in order to access the quarantined spam messages.
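The indicators described above (a quarantine@ sender, a display name equal to the recipient's domain, and a link that leads away from Microsoft) can be checked mechanically when triaging a reported message. The following is an added example, not code from the article; the trusted host suffixes and the indicator names are assumptions, and the sample message is constructed.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts a genuine Office 365 link may point to; adjust for your tenant.
TRUSTED_SUFFIXES = ("microsoft.com", "office.com", "office365.com")

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_trusted_host(host):
    # Match the suffix on a label boundary so "microsoft.com.x.invalid" fails.
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def quarantine_lure_indicators(raw):
    """Return which of the article's indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw, policy=policy.default)
    display, sender = parseaddr(str(msg.get("From", "")))
    rcpt = parseaddr(str(msg.get("To", "")))[1]
    rcpt_domain = rcpt.rpartition("@")[2].lower()
    hits = []
    if sender.lower().startswith("quarantine@"):
        hits.append("sender-localpart-quarantine")
    if rcpt_domain and display.strip().lower() == rcpt_domain:
        hits.append("display-name-is-recipient-domain")
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    if any(not is_trusted_host(urlparse(h).hostname) for h in parser.hrefs):
        hits.append("link-outside-microsoft")
    return hits

# Constructed sample message; every address and URL is a placeholder.
SAMPLE = """\
From: "contoso.example" <quarantine@mail.invalid>
To: alice@contoso.example
Subject: Spam notification: 1 new message
Content-Type: text/html; charset="utf-8"

<p>Messages were quarantined by the Security and Compliance Center.</p>
<a href="https://portal.login.invalid/review">Review</a>
<a href="https://www.microsoft.com/privacy">Privacy Statement</a>
"""
```

A message that matches all three indicators warrants quarantine and a check of whether any recipient followed the link; a single match on its own is only a weak signal.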

When you enter your credentials in a malformed form displayed on a phishing page, your account details are sent to a server controlled by the attacker.

The victim’s Microsoft credentials are later used by cyber criminals to take over the account and access all the information.

Providing Microsoft account details to cybercriminals means they can gain unauthorized access to sensitive data such as contacts, calendars, and email correspondence.

Target of phishing attack

Office 365 customers continue to be targeted by phishing attacks that attempt to obtain their credentials and use them for fraudulent activities.

In August, Microsoft revealed that a highly sophisticated spear phishing attack has targeted Office 365 users repeatedly since July 2020.

We also warned about phishing activities that have been deployed since December 2020 to steal approximately 400,000 OWA and Office 365 credentials, then exploit legitimate accounts to bypass Secure Email Gateway (SEG) protections.

Additionally, in late January 2021, Redmond notified Microsoft Defender ATP subscribers of an increase in OAuth phishing (consent-based phishing) attacks targeting remote workers.

If a phishing attack is successful, the repercussions can extend to identity theft and fraud, including BEC (Business Email Compromise) attacks.

For example, since last year, the FBI has been warning about BEC email attacks that exploit popular cloud email services such as Microsoft Office 365 and Google G Suite, in Private Industry Notifications issued in March and April 2020.

The U.S. Federal Trade Commission (FTC) also revealed that the number of privacy reports doubled last year compared to 2019, reaching a record high of 1.4 million reports for the year.
