Convincing Microsoft phishing uses fake Office 365 spam alerts

silversurfer

Level 83
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,298
A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials.

What makes these phishing emails especially convincing is the use of quarantine[at]messaging.microsoft.com to send them to potential targets and the display name matching the recipients' domains.
Additionally, the attackers have embedded the official Office 365 logo and included links to Microsoft's privacy statement and acceptable use policy at the end of the email.

Luckily, the phishing messages come with text formatting issues and out-of-place extra spaces that would allow spotting these emails' malicious nature on closer inspection.

"The email subject is 'Spam Notification: 1 New Messages,' alluding to the body of the email that informs the recipient that a spam message has been blocked and is being held in quarantine for them to review," cloud email security provider MailGuard who spotted this campaign said.