Jump to content

Phishing Email States Your Office 365 Account Will Be Deleted


steven36

Recommended Posts

A new phishing campaign is underway that pretends to be from the "Office 365 Team" warning you that your email account cancellation has been approved and that all your email will be deleted unless you cancel the request within the hour.

This particular phishing campaign is interesting as it uses an uncommon bait of the risk of losing all your email and a time limit to make you act quickly and potentially without thinking.

These phishing emails have a subject line of "Urgent Request" and state that unless you want your email account to be canceled and your email to be deleted, you need to cancel the request.

 


spam email

Office 365 Phishing Email

 

 

The text of this phishing scam can be read below.

Dear user:sales

Your request on  5/27/2019 7:28:58 a.m. to remove your email from our server has been approved,

Are you sure you want to terminate our service to you?

Ignore to continue with removal in exactly one(1)hour you read this notice or

CANCEL THIS REQUEST NOW

Excel Online

 


If you click on the "CANCEL THIS REQUEST NOW" link, you will be brought to a fake "Microsoft Office Support | Account Update" page that prompts you to sign in to cancel the request. This page is actually a survey created in Excel Online.

 

phishing landing page
Phishing Scam Landing Page

 

As this page is hosted on live.com, the site is secured with a certificate signed by Microsoft, which add legitimacy to the landing page.


certificate

Microsoft Certificate


After a user enters their credentials, the landing page will thank them and state that their "response was received." The attackers can the collect the submitted credentials at their leisure.

 


credentials entered


As the form is located on onedrive.live.com, and that host actually does contain the legitimate login page https://onedrive.live.com/about/en-us/signin/, it makes this scam harder to spot.

In this particular case, the word survey in the URL would have been your best clue. Furthermore, if you ever receive emails from Office stating that your account will be canceled or some other admin like request, you should always speak to your network administrator first before doing anything on your own.

 

Thx to Michael Gillespie for the sample.

 

Source

Link to comment
Share on other sites


  • Replies 0
  • Views 318
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...