Beware: New Microsoft Office 365 Phishing Scam Email

By Andrew Swindell
26 February 2018

Tags: #LoveBedford #Microsoft #Office365 #Office365PhishingEmail #Office365PhishingScam #Phishing

Office 365 Message Center - Regain your inbox access - phishing scam

While phishing scams are commonplace and, in general, savvy web users know what to look out for, for many there's still that 'double-take' moment when a speculative scam email resonates.

This morning one landed in my Inbox and whilst rudimentary in its appearance compared with more carefully designed phishing scam emails, the approach of this one is subtle enough to make it worthy of a quick mention.

So here's the email:

The Breakdown: (numbers explained)

  1. The immediate tell-tale sign of a phishing email.
    This has not come from the official Microsoft domain name. In fact they haven't even bothered to try registering a domain name with 'Microsoft' in it.
  2. They've been clever about the nature of the approach here.
    The wording sounds like a security email would. It talks in general terms about what 'could' be the cause of this issue and claims to have blocked the attempt for you. How very helpful of them...
  3. So here's the thing...
    After attempting to gain your trust by taking protective action to keep you safe, they attempt to abuse that trust by getting you to click the 'Restore Access' button.

    Hovering over the button in Microsoft Outlook reveals the link behind it (below - copied into Notepad and screengrabbed/blanked out).

As you can see, the domain name used is NOT an official Microsoft one, despite a weak attempt at including the word 'Office'.
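The two checks the breakdown walks through (is the sender's domain genuinely Microsoft's, and does the host behind the 'Restore Access' button belong to a genuine Microsoft domain rather than merely containing the word 'Office') can be written down as a small script. The code below is an added example for this post, not something from the original email analysis or from Microsoft: the allowlist is illustrative rather than an official list, and every `.invalid` host and the sample From: header are constructed placeholders, not the scammer's real domain.

```python
"""Added example: judge a mail's sender domain and the URL behind a button
against an allowlist of genuine Microsoft domains.

The sample header and URLs below are constructed for this demo; the
'.invalid' hosts are placeholders, not the domain used in the real scam.
"""
from email.utils import parseaddr
from urllib.parse import urlsplit

# Genuine Microsoft sign-in / mail domains a link should resolve to.
# Illustrative allowlist for the demo, not an exhaustive official list.
TRUSTED_DOMAINS = (
    "microsoft.com",
    "office.com",
    "office365.com",
    "microsoftonline.com",
    "live.com",
)

# Brand words whose mere presence in a host is the lure the post describes.
BRAND_WORDS = ("microsoft", "office", "outlook", "365")


def is_trusted_host(host, trusted=TRUSTED_DOMAINS):
    """True only if host IS a trusted domain or a real subdomain of one.

    A substring match is deliberately not enough: 'office365.com.evil.invalid'
    contains a trusted name but must not pass.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify_host(host):
    """'trusted', 'lookalike' (brand word but wrong domain), 'untrusted' or 'no-host'."""
    if not host:
        return "no-host"
    if is_trusted_host(host):
        return "trusted"
    if any(word in host.lower() for word in BRAND_WORDS):
        return "lookalike"
    return "untrusted"


def classify_link(url):
    """Return (verdict, host) for the URL hiding behind a button or link."""
    parts = urlsplit(url)
    # .hostname strips userinfo and port, so 'https://office.com@evil.invalid/'
    # is judged on 'evil.invalid', not on the decoy before the '@'.
    host = parts.hostname or ""
    return classify_host(host), host


def classify_sender(from_header):
    """Return (verdict, domain) for an RFC 5322 From: header value."""
    _display_name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    return classify_host(domain), domain


if __name__ == "__main__":
    # Constructed sample values in the shape of the email in the post.
    sender = "Office 365 Message Center <alerts@msg-center-example.invalid>"
    links = [
        "https://office-restore-access.example.invalid/login?id=123",
        "https://office365.com.example.invalid/owa/",
        "https://office365.com@example.invalid/owa/",
        "https://outlook.office365.com/owa/",
    ]
    print("sender:", classify_sender(sender))
    for link in links:
        print("link:  ", classify_link(link))
```

Only the last link is accepted; the first two are flagged as lookalikes because a brand word appears in a host that is not a genuine Microsoft domain, and the third shows why the host must be taken from the parsed URL rather than read off the start of the address bar. A display name like 'Office 365 Message Center' is ignored entirely, since it is free text the sender controls.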

What happens when you click on it?

Don't bother finding out! Clicking it will most likely notify the scammer that stage 1 of their attempt to steal your info was successful, and lead you to a website that looks like a reasonably genuine Office365 page, where it will ask you to log in to 'restore your access' or suchlike.

Even if you don't log in, you'll have already flagged yourself as a potential target, opening yourself up to more attempts in future.

Here's how to deal with it.

Report it to Microsoft by either creating a blank email to [email protected] and sending the phishing email to them as an attachment, or by using the tools available in either Microsoft Outlook or Outlook on the web, as detailed here.