Office 365 users targeted in new phishing attack — Microsoft issues warning about crafty cybercriminals

Office 365 (Image credit: Microsoft)

Office 365 users are now in cybercriminals' crosshairs in a new phishing campaign, according to a warning the Microsoft Security Intelligence (MSI) team issued via Twitter. Malicious actors are using email addresses that appear to be legitimate with display names that mimic bona fide services to dodge email filters.

Microsoft cautioned that cybercriminals are going above and beyond to use detection-evasion techniques that are worryingly convincing and authentic-looking.

Microsoft warns Office 365 users of "crafty" new phishing campaign

The MSI team discovered a new email phishing campaign that it describes as "crafty."

"An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters," MSI explained on Twitter.

The deceptive phishing campaign targets Office 365 organizations with employees who often send attachments to co-workers. MSI found phishing emails that seemed as if they were sent from a trusted source. Many of these emails contained faux Microsoft SharePoint attachments with labels such as "Price Books," "Bonuses" and "Staff Reports."

The emails use a SharePoint lure in the display name as well as in the message, which poses as a "file share" request for supposed "Staff Reports", "Bonuses", "Pricebooks", and other content, with a link that navigates to the phishing page. pic.twitter.com/c33awiAeH4July 30, 2021

The phishing emails use a tactic called "typosquatting," which involves registering deliberately misspelled domains that, at first glance, look close to a well-known brand. Most quick readers would overlook the subtle typo.

If users fall for the bait and click on the "Open" link, it will lead them to a page that lures them to type in their Microsoft or Google credentials. According to MSI, these sign-on pages look very convincing, making users believe that they're on a trustworthy path to a legitimate website.

MSI kept emphasizing how authentic these phishing emails looked. As such, employers may not be able to rely on their employees' good judgment to identify suspicious-looking emails. That's why MSI shamelessly plugged its Microsoft Defender for Office 365 program as a solution, adding that this software "detects and blocks" these emails.

Phishing attacks are a huge thorn in the side for many popular companies like Netflix and PayPal, but the Redmond-based tech giant should be particularly concerned. According to a CheckPoint Research study, Microsoft topped the list as being the most imitated brand for phishing attacks.

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!