If you use Office 365 for email, you’re going to want to read this.

A clever phishing attack targeting Microsoft Office 365 users is using fake non-delivery notifications in an attempt to steal users’ credentials. The campaign was discovered by ISC Handler Xavier Mertens; the fake notice claims that “Microsoft found Several Undelivered Messages.”

The attack launches when a user receives a fake non-delivery notification from Microsoft such as the one shown below:

For comparison’s sake, here’s what a legitimate non-delivery notification for Office 365 looks like:

When a recipient clicks the Send Again link, they are taken to a phishing site that impersonates the legitimate Office 365 login page. As the picture below shows, the link ends with #[emailaddress], for example #@john@doe.com, which causes the email address to auto-populate in the login form (making the page seem that much more legitimate).

Once the user enters their password, a JavaScript function called sendmails() sends the username and password to the attackers and then redirects the user to the authentic Office 365 login page, as if nothing happened.

We encourage our clients to check the URL and confirm they are on the correct site before entering their login credentials. It sounds simple, but it’s very effective. Simply by knowing which email service you use, hackers will customize their attacks using the imagery and processes you are already familiar with.
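The two tell-tale signs described above (an email address smuggled into the URL fragment so the fake login form can pre-fill it, and Microsoft branding on a host that is not Microsoft's) are easy to check automatically on the mail-filtering side. The following is an added example written for this page; it is not code from the original post or from Louisville Geek. The allow-list of sign-in hosts, the lookalike word list, the helper names and the sample message body are all the example's own assumptions, and an organisation would maintain its own allow-list.

```python
"""
Defender-side link check for the fake non-delivery-report lure described above.

Added example (not code from the original post). Assumptions, labelled inline:
  - ALLOWED_LOGIN_HOSTS is an allow-list an organisation maintains itself;
  - the brand words in LOOKALIKE_RE are an illustrative choice;
  - SAMPLE_BODY is a constructed message, not a captured one.
"""
import re
from urllib.parse import unquote, urlparse

# Assumed allow-list: hosts where a genuine Office 365 sign-in takes place.
ALLOWED_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "outlook.office.com",
}

# Loose e-mail address pattern, used on the decoded URL fragment.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Brand words that a lookalike host or path borrows (illustrative list).
LOOKALIKE_RE = re.compile(r"(microsoft|office\s*365|office365|outlook)", re.I)
# http(s) links as they appear in a plain-text body.
LINK_RE = re.compile(r"https?://[^\s<>\"']+")


def suspicious_reasons(url: str) -> list[str]:
    """Return the reasons a link resembles the NDR lure; an empty list means nothing was seen."""
    parsed = urlparse(url.strip())
    host = (parsed.hostname or "").lower()
    host_and_path = host + parsed.path
    reasons = []

    # 1. An e-mail address in the fragment: this is what lets the fake login page
    #    pre-fill the victim's address, as the post describes.
    if EMAIL_RE.search(unquote(parsed.fragment)):
        reasons.append("email address in URL fragment")

    # 2. Microsoft / Office branding, but the host is not on the allow-list.
    if LOOKALIKE_RE.search(host_and_path) and host not in ALLOWED_LOGIN_HOSTS:
        reasons.append("Microsoft/Office branding on a non-allow-listed host")

    # 3. A sign-in style link over plain http (the real sign-in is always https).
    if parsed.scheme == "http" and "login" in host_and_path:
        reasons.append("sign-in link over plain http")

    return reasons


def scan_message(body: str) -> dict[str, list[str]]:
    """Extract every http(s) link in a message body and keep only the suspicious ones."""
    findings = {}
    for link in dict.fromkeys(LINK_RE.findall(body)):  # de-duplicate, keep order
        reasons = suspicious_reasons(link)
        if reasons:
            findings[link] = reasons
    return findings


# Constructed sample: a fake NDR with a "Send Again" link, plus two benign links.
SAMPLE_BODY = """Microsoft found Several Undelivered Messages.
Send Again: http://office365-mailfix.example/login.php#john@doe.com
Genuine sign-in: https://login.microsoftonline.com/
Help desk: https://support.example.org/help
"""

if __name__ == "__main__":
    for link, why in scan_message(SAMPLE_BODY).items():
        print(link, "->", "; ".join(why))
```

Running the block on the constructed body reports only the Send Again link, with all three reasons attached; the genuine sign-in link is on the allow-list and the help-desk link carries no branding, so neither is flagged. In a real deployment the same check would run on links extracted from the HTML part of the message, and a hit on reason 1 alone is already a strong signal, because legitimate Microsoft sign-in links do not carry the recipient's address in the fragment.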

If you would like to learn more about Security Awareness Training for your company, please click here to read more about KnowBe4, a product which Louisville Geek and our clients use on a regular basis. Or, if you’d like to schedule a consultation with a representative from Louisville Geek, please fill out the following form and someone will contact you within 1 business day.
