Office 365 Phishing Attack

Marcelo Orlandi

You may remember a post where I discussed Phished credentials, where bad guys were targeting users to steal their credentials.

Well, this is not very different. This time, The State of Security has published an article reporting that Office 365 users are being targeted in phishing attacks aimed at obtaining their credentials.

In this case the attackers are using a weird but effective method: fake non-delivery notifications. Well, that is new, isn’t it?

How many times in the past have you sent an email to a misspelled address, say JHON@DOMAIN.COM.AU instead of JOHN@DOMAIN.COM.AU, and received a non-delivery notification? In that scenario, receiving this type of notification may be “real”.

Here is a real non-delivery notification from Outlook, for your reference:

However, keep a good eye on the error and never, let me emphasize, NEVER click any links within any of these emails! Basically, this type of email should not have any links to click. If in doubt, check your sent items to be sure.
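A triage check built on the advice above, as an added example that is not part of the original post: it flags a bounce-looking message that lacks the RFC 3464 delivery-status structure of a standard non-delivery report, carries links, or names a failed recipient that is not in your sent items. The function name, the finding labels and both sample messages are constructed for illustration, and the sent-items recipients are assumed to be supplied as a list.

```python
import re
from email import message_from_string, policy

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
BOUNCE_RE = re.compile(r"undeliverable|delivery status|delivery has failed", re.I)

def triage_ndr(raw, sent_recipients):
    """Return reasons to distrust a bounce-looking message (empty list = none)."""
    msg = message_from_string(raw, policy=policy.default)
    if not BOUNCE_RE.search(msg.get("Subject", "")):
        return []  # does not claim to be a non-delivery notification
    findings = []
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        findings.append("no-rfc3464-report")  # standard DSNs are multipart/report
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    body = b" ".join(p.get_payload(decode=True) or b"" for p in leaves)
    if URL_RE.search(body.decode("utf-8", "replace")):
        findings.append("contains-links")  # the post: bounces should have no links
    failed = {p["Final-Recipient"].split(";")[-1].strip().lower()
              for p in msg.walk() if p["Final-Recipient"]}
    if not failed or not failed <= {r.lower() for r in sent_recipients}:
        findings.append("recipient-not-in-sent-items")  # the post: check sent items
    return findings

# Constructed samples (not real mail): a well-formed DSN and a look-alike.
GENUINE = """\
Subject: Undeliverable: Quarterly report
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message to jhon@domain.com.au couldn't be delivered.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.domain.com.au

Final-Recipient: rfc822; jhon@domain.com.au
Action: failed
Status: 5.1.1
--b1--
"""
FAKE = """\
Subject: Undeliverable: Message delivery has failed
 
Several messages were not delivered. Send again: https://login.example.invalid/retry
"""
```

Calling `triage_ndr(FAKE, ["jhon@domain.com.au"])` returns all three findings, while the well-formed sample returns an empty list when the bounced address really is among the sent recipients.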

There are tools, services and applications out there to reduce the likelihood of these emails reaching your inbox. If you have any doubts, just contact our sales team to get more information.

As always, be safe out there. Until next Malware Monday.