03 Mar Beware this Office 365 phishing scam
I received two email attempts at phishing Office 365 credentials today and so I’m sharing them to help you not get sucked in.
First, here’s the subject and body of the email:
Microsoft 0utlook Team <[email protected]>
Final Notice 03-03-2017 (One-step validation process)
Your Microsoft Outlook Account Requires an Urgent Validation to ensure it would not be deactivated within 24 hours.
Proceed to Microsoft Outlook Validation page by clicking on the icon below to get started
Thank you for using Microsoft Outlook
To stop separating items that are identified as clutter, go to Options. To stop receiving notifications about Clutter, go to Options and turn them off. This system notification isn’t an email message and you can’t reply to it.
There are a few things to note about this phishing scam email. First, the O in Outlook is actually a zero. The email address is not an official Microsoft email address. Any communications from Microsoft will identify you by name, not “User” followed by two commas (I guess they’re just making sure). Finally this email is in an HTML format and the source code is as follows:
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″>
<meta name=”viewport” content=”initial-scale=1.0″>
<body topmargin=”0″ leftmargin=”0″ style=”margin: 0px; padding: 3px 0px; font-family: Helvetica, Arial, sans-serif;” bgcolor=”#ebebeb” marginheight=”0″ marginwidth=”0″><p><a href=”http://gioiellerieoropiu.com//image/data/clockmade.htm“><img src=”cid:[email protected]”></a></p><p>.</p></body></html>
As you can see from the above source code for the email this whole message is an image that links to a spoofed Microsoft Office 365 login page. When you arrive at that page the first thing you will see is a popup box that your session has expired and imploring you to login again.
As always note the URL at the top of the window. This tells the truth about this scam with a temporary random URL bought specifically to run this scam. Because it is random you may be taken to a different URL, but it will still be the same basic idea.
Regardless of whether you click the X to close it or click OK you are then taken to this spoofed page:
Notice two things in the address bar that I’ve highlighted. First is Google Chrome warning that it’s not secure. Microsoft’s login pages are all secure and will tell you that. Second is the link. Office 365 login is login.microsoftonline.com. Unless you see those two things in the address bar, do not click on them or submit any information.