Cybercriminals are spoofing Microsoft Office 365 to send you a spam notification regarding quarantined emails. Don’t fall for this scam!
In a new scam, cybercriminals spoof Microsoft Office 365 by using the email address quarantine[at]messaging[dot]microsoft[dot]com to send you a spam notification. The fake notification claims that a seemingly important email with the subject line “[Your Organization’s Domain] Adjustment: Transaction Expenses Q3 UPDATE” has been quarantined. You are asked to review the email to confirm whether or not it should be marked as spam.
If you click on the Review button in the email, you will be taken to a phony Microsoft Office 365 login page. On this page, you are asked to provide your Microsoft credentials to access the supposedly quarantined email. Any information that you enter on this page will be delivered directly to the cybercriminals.
Remember the following tips to stay safe:
- Never click on a link within an email that you were not expecting.
- This type of attack isn’t exclusive to Microsoft products or Microsoft users. The technique could easily be used on a number of other programs. Always think before you click.
- If you get a notification that you are unfamiliar with, reach out to your administrator or IT department. They can check to make sure the notification is legitimate.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.