Phishing Targeting Office 365 Accounts

News, Security

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.[1]

You might receive an email that looks like a legitimate company like Master Card. The email might be letting you know ou have unusual activity and you need to verify that. Except the email is being sent from an email address in Russia.

The current phishing threat looks very convincing.

fake_email_from_office_365_pdf

Where it says not Microsoft, it could be something like JillyJoeandSuesShoeBarn.com. It is not Microsoft and that means that the link will take you to a page where you put in your username and password. Instead of that logging you into your account it simply steals your information and gives it to the people who made the phishing attack in the first place.

fake_email_from_office_365_pdf-2

Be careful when it comes to unsolicited emails from large companies. Check who the email is from. Is it from Microsoft? It may look like it is in the email, but the only sure-fire way to be sure is to check and make sure that it is from the Microsoft domain.

References:
1. Wikipedia: Phishing