Relentless Spammers Phish Office 365 Users

Posted by Rebecca Prince on October 12, 2017

Office 365 Phishing

Lately, it seems the spammers trying to fish for the login credentials to your Office 365 account are working overtime. A barrage of phishing spam has been hitting inboxes, and the senders are relentless this time. The subjects change, the messages change, and the phishers are becoming so flawless in their “artistry” that it is nearly impossible to tell whether a message is real or not. Odds are, however, that these messages are most certainly NOT legitimate, so pay close attention and use your phishing detectors to weed them out of your inbox.

In the latest versions, they have sent malicious links claiming that “an important document” is at the other end, that your account will be suspended unless you click a link to update some details, and even that “Office 365 has flagged your Account, because of a violation of our Terms of Service.”


Always watch for signs of phishing:


1. Malicious email messages often arrive from legitimate email addresses.

It’s not difficult to create an email address from a well-known email service or to make one look like a sender you know. Not long ago, a previous wave of attacks hit Office 365 users. These attacks will likely continue as more people start using this service.

2. Attackers take advantage of information they find on social media and elsewhere on the internet

All the information that is floating around on the Internet may be, and likely is, used against you in some way. In this case, it’s used to spam your email address. Attackers can “harvest” personal data from social media sites like Facebook and LinkedIn to personalize their messages. Personalized messages are 40% more likely to get someone to click a link or open an attachment.

3. Still be on the lookout for typos and poorly written text and hover over links first

These phishers are getting quite “professional” at crafting messages. However, there are still plenty of them that get out with typos, poor grammar and punctuation, or that are not written in the proper native language. You can also hover over any links to see where they are going. If it isn’t going to where you expect it to, it could very well be phishing and you should definitely not click it. On mobile devices, you can hold your finger on them for a few seconds and the entire link will appear. Just be sure to hold it long enough that it doesn’t actually go to the site.

4. Expect the unexpected

When it comes to email messages, any link or attachment that hits your inbox should be met with suspicion if it was not expected. This applies even if it looks like it came from your colleague, a vendor, or your mother. If it has something to do with an account, rather than clicking a link or attachment, go directly into your online account and check on the status there. If it’s something else, take a minute to place a phone call, send a text, or pay a personal visit to the sender before taking action on the email.

5. If there is a threat or a sense of urgency, it may very well be phishing

Often scammers will try to create a sense of urgency in their messaging so users will get anxious and just click something. Don’t let fear get the best of you. If it’s so important that you can’t take a few minutes to examine it first, they would try to reach you some other way, such as by phone.

Phishing in all its forms (spear-phishing, whaling) continues to be very effective and can be quite lucrative for attackers. While it is always important to have security tools installed and kept updated on your devices, you will always be the final line of defense against phishing. So keep your eyes open and don’t fall for any of the Office 365 lures that may be coming your way.

 © Copyright 2017 Stickley on Security All Rights Reserved

Topics: Security