Office 365 Phishing Scam

Timing is crucial when dealing with information security. It is important that you act fast if you ever feel that you have been the target of a phishing campaign and may have provided a username or email to a malicious website. The following content demonstrates some of the red flags that were identified in a real phishing email and its spoofed Office 365 login page.

Ideally, these red flags would have been noticed and the phishing campaign would not have been successful. However, even though this victim may have fallen for the phishing email, their quick actions prevented a possible breach.

After entering an email address and password into the spoofed login page, the victim realized their mistake and quickly changed their password. Within 10 minutes, failed login attempts against their account were being reported. If the victim had delayed changing their password, the attackers behind this phishing campaign would have had access to all of that person’s emails.
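The timeline above (password changed, then a burst of failed sign-ins minutes later from addresses the user never logs in from) is exactly the pattern a mail administrator should be alerting on. The script below is an added example written for this page, not something from the original post: it runs over a constructed, simplified sign-in event stream (the `timestamp user event source_ip` format here is an assumption for illustration, not Microsoft's sign-in log schema) and flags any account whose password change is followed within a configurable window by a threshold number of failed logins, listing the source addresses involved.

```python
"""Flag accounts with a burst of failed sign-ins shortly after a password change.

Added example for this page. The event format below is constructed for
illustration and is not a real Office 365 / Azure AD sign-in log schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, user, event type, source IP.
# Alice mirrors the post: password changed, then repeated failures within
# 10 minutes from unfamiliar addresses. Bob is a benign control case.
SAMPLE_EVENTS = """\
2021-03-01T09:00:12Z alice@example.com PASSWORD_CHANGED 203.0.113.10
2021-03-01T09:04:51Z alice@example.com LOGIN_FAILED 198.51.100.23
2021-03-01T09:05:02Z alice@example.com LOGIN_FAILED 198.51.100.23
2021-03-01T09:06:30Z alice@example.com LOGIN_FAILED 198.51.100.77
2021-03-01T09:07:45Z alice@example.com LOGIN_FAILED 198.51.100.23
2021-03-01T09:30:00Z bob@example.com PASSWORD_CHANGED 203.0.113.44
2021-03-01T13:15:00Z bob@example.com LOGIN_FAILED 203.0.113.44
2021-03-01T13:16:10Z bob@example.com LOGIN_OK 203.0.113.44
"""


def parse_events(text):
    """Parse whitespace-separated event lines into sorted (ts, user, kind, ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, kind, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, kind, ip))
    events.sort(key=lambda e: e[0])
    return events


def find_post_reset_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Return one alert per password change that is followed, within `window`,
    by at least `threshold` failed logins for the same account.

    Each alert records how many failures occurred, which source IPs were
    used, which of those differ from the IP that performed the reset, and
    how long after the reset the first failure appeared.
    """
    by_user = defaultdict(list)
    for event in events:
        by_user[event[1]].append(event)

    alerts = []
    for user, user_events in by_user.items():
        for index, (reset_ts, _, kind, reset_ip) in enumerate(user_events):
            if kind != "PASSWORD_CHANGED":
                continue
            failures = [
                e for e in user_events[index + 1:]
                if e[2] == "LOGIN_FAILED" and e[0] - reset_ts <= window
            ]
            if len(failures) < threshold:
                continue
            source_ips = sorted({e[3] for e in failures})
            alerts.append({
                "user": user,
                "password_changed_at": reset_ts,
                "failed_attempts": len(failures),
                "source_ips": source_ips,
                "unfamiliar_ips": [ip for ip in source_ips if ip != reset_ip],
                "first_failure_after": failures[0][0] - reset_ts,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_post_reset_bursts(parse_events(SAMPLE_EVENTS)):
        print(
            f"{alert['user']}: {alert['failed_attempts']} failed logins within "
            f"{alert['first_failure_after']} of password change, "
            f"from {', '.join(alert['source_ips'])}"
        )
```

The window and threshold are deliberately parameters: a user mistyping a new password once or twice from their usual address is normal, while several failures from addresses that never appear in the account's history, starting minutes after a reset, is the signature of harvested credentials being tried. In a real deployment the input would come from the tenant's sign-in export and the `unfamiliar_ips` check would compare against the account's known addresses rather than just the reset IP.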

Here is an example of the email that was initially received, notifying the recipient that their mailbox was almost full and required action.

In this example, the email was timed perfectly, as the recipient was already conscious of their mailbox size and was intending to clear out old emails.

This email has a couple of red flags that should stand out:

After clicking the blue button, a browser window opened up with what appeared to be the Office 365 login page. This login page perfectly spoofed the legitimate Office 365 login page, right down to the crawling dots that appear after entering an email address.

The above screenshot is an actual phishing page attempting to collect email addresses and passwords. This page has two red flags that you should look out for whenever you enter an email address and password into a login page.

Remember: Act fast if you ever feel that you have been a target of a phishing campaign!