Just a brief warning to users of Microsoft Office 365: You are probably once again the target of a phishing campaign. This campaign takes advantage of the license changes for Office 365 that will take effect on October 2, 2018. The aim is to hijack the victims' Office 365 online accounts. So warn family members and employees.
Phishing Office 365 users isn't new – searching Google for 'phishing o' suggests the search term 'phishing office 365'.
A new phishing campaign
German blogger Martin Geuß wrote in this article that, after a wave of attacks two weeks ago, a new phishing campaign is already active. The older attack wave claimed that the mailbox at Office 365 was full. Registration was suggested to fix the problem. Those who followed the link and entered their login details had their accounts hijacked.
In the new phishing campaign, the criminals take advantage of the fact that Microsoft is extending the Office 365 Home/Personal installation limits. Martin has shown a phishing mail in which he is allegedly asked to activate his new license extensions in his Office 365 account. Here is a text excerpt; Martin shows the complete mail.
We'ar making an update to your subscription, so you can share it with more people and they can use it on more devices. …
Apply to my Account
Martin points out that the sender's address and the destination link do not match Microsoft, the alleged sender, at all. As a rule, you should not click links in e-mails to log in to an account; instead, enter the address of the account's login page manually in the browser. There you can also check whether the page is correctly identified by its certificate (even if this is becoming more and more difficult in modern browsers).
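The check Martin describes (does the sender's domain, and does each link's host, really belong to the alleged sender?) can be automated for mail triage. The following is an added example, not code from Martin's article or from Microsoft; the trusted-domain list and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains accepted for Office 365 mail and sign-in links.
TRUSTED = {"microsoft.com", "office.com", "live.com"}

def is_trusted(host):
    """True only for a trusted domain or a genuine subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    """Collects the host name of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            try:
                host = urlsplit(dict(attrs).get("href") or "").hostname
            except ValueError:          # malformed URL: treat as untrusted
                host = None
            self.hosts.append(host or "(unparseable)")

def check_mail(raw):
    """Return findings for a raw message whose display name claims Microsoft."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_host = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2]
    findings = []
    if not is_trusted(sender_host):
        findings.append(f"sender domain not trusted: {sender_host}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        findings += [f"link host not trusted: {h}"
                     for h in collector.hosts if not is_trusted(h)]
    return findings

# Constructed sample: Microsoft-looking display name and look-alike link host.
SAMPLE = """\
From: Office 365 <billing@office365-update.example>
Subject: Update to your subscription
Content-Type: text/html; charset="utf-8"

<a href="https://login.microsoft.com.account-verify.example/a">Apply to my Account</a>
"""
```

The suffix comparison is what rejects hosts that merely contain a trusted name, such as the constructed `login.microsoft.com.account-verify.example`.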