Fake Office 365 spam alerts used for phishing attacks to steal credentials

Fake Office 365 Spam Alerts Phishing Attacks Credential Stealing Identity Theft

An unidentified group of malicious threat actors is using Office 365 spam alerts for phishing attacks that request targets to review their blocked messages so that they can steal their victims’ MS credentials.

These fake Office 365 phishing emails can be deceiving to most users since it utilises an email address named “quarantine[@]messaging[.]microsoft[.]com” sent to potential victims and portrays a name matching the target’s domains.


Furthermore, the malicious threat actors behind the fake Office 365 spam alerts have attached the official O365 logo and embedded links to Microsoft’s policy and privacy statement at the end of all their malicious emails.


Unfortunately for the threat actors, the phishing messages coded in the email consist of text formatting problems and unnecessary spaces that would allow sophisticated targets to spot and sense something malicious going on with the alerts.

However, suppose a target cannot identify the maliciousness of the phishing email. In that case, the marks will be given 30 days by threat actors to review the spam messages by accessing Microsoft’s Security and Compliance Center by clicking the attached link’s review button.

After clicking the review button, the victim will be redirected by the fake email to a phishing webpage instead of reaching the Office 365 domain. Then, this phishing web page will then request the victims to input their Microsoft credentials to access the spam messages needed to be reviewed by them.

When the targets fill out the needed credentials on the phishing page, their MS accounts’ details will be sent by the malware to a threat actor operated servers.

If the user gets tricked by this phishing campaign, their Microsoft’s credentials will later be utilized by the threat actors to take over their accounts and obtain access to all their details.

According to experts, users who will accidentally provide their Microsoft accounts to threat actors will be problematic since they can allow cybercriminals to access sensitive data like calendar schedules, emails, contacts, passwords, and more.

Phishing attacks constantly victimise office 365 users since threat actors can gather many credentials in one fell swoop. Researchers believed that the functions of a single Office 365 account attract cybercriminals because it shoulders many branches of Microsoft like MS Office, Planner, Outlook, and many more.

Phishing attacks, especially if successful, can cause several problems to users, such as fraud attempts and identity theft. To remain safe against these kinds of attacks, users must know and analyse every detail of an unwanted message they will receive since threat actors can execute numerous ways to cause several problems to their victims.

About the author

Leave a Reply