• Testimonials vs Reviews in 2018 - What's best for your businessClick to View
  • What's the General Data Protection Regulation and how do I make my website GDPR compliant?Click to View
  • Beware: New Microsoft Office 365 Phishing Scam Email
  • Our Top 5 Tips For Starting Up Your Social MediaClick to View
  • What happens to my .eu domain name and UK website after Brexit?Click to View
  • What does 'mobile first' mean? A web developers' perspective.Click to View
  • A decade in the making… 1WL from 2011 to 2021Click to View
  • Optimise Websites using Google Lighthouse - A complete guide for beginnersClick to View
  • WordPress Website Support - 4 reasons why it's essentialClick to View
  • What is WordPress? Your guide to the best CMSClick to View

Beware: New Microsoft Office 365 Phishing Scam Email

26th February 2019 by Tim

Office 365 Message Center - Regain your inbox access - phishing scam

While phishing scams are commonplace and in general, savvy web users know what to look out for, for many there's still that 'double-take' moment when a speculative scam email resonates.

This morning one landed in my Inbox and whilst rudimentary in its appearance compared with more carefully designed phishing scam emails, the approach of this one is subtle enough to make it worthy of a quick mention.

So here's the email:

The Breakdown: (numbers explained)

  1. The immediate tell-tale sign of a phishing email.
    This has not come from the official Microsoft domain name. In fact they haven't even bothered to try registering a domain name with 'Microsoft ' in it.
     
  2. They've been clever about the nature of the approach here.
    The wording sounds like a security email would. It talks in general terms about what 'could' be the cause of this issue and claims to have blocked the attempt for you. How very helpful of them...
     
  3. So here's the thing...
    After attempting to gain your trust by taking protective action to keep you safe, they attempt to abuse that trust by getting you to click the 'Restore Access' button.

    Hovering over the button in Microsoft Outlook reveals the link behind it (below - copied into Notepad and screengrabbed/blanked out).

As you can see, the domain name used is NOT an official Microsoft one, despite a weak attempt at including the word 'Office'.

What happens when you click on it?

Don't bother finding out! Clicking it will most likely result in notifying the scammer that stage 1 of their attempt to steal your info was successful, and lead you to a website that looks like a reasonably genuine Office365 page, where it will ask you to login to 'restore your access' or suchlike.

If you don't, you'll have already flagged youself as a potential target, opening yourself up to more attempts in future.

Here's how to deal with it.

Report it to Microsoft by either creating a blank email to [email protected] and sending the phishing email to them as an attachment, or by using the tools available in either Microsoft Outlook or Outlook on the web, as detailed here.