Warning – New domain pretending to be Microsoft could fool a lot of people!
The campaign has so far targeted over 200 million Microsoft Office 365 users, including those working in the financial services, healthcare, manufacturing, and utilities industries. Users receive an email, purportedly from Microsoft, inviting them to test a new O365 feature that it claims lets them reclaim emails mistakenly marked as spam. When the user clicks the link, however, they are redirected to a fake Microsoft portal that asks for their credentials, which the attacker then harvests.
This is a timely reminder to always be vigilant and always check the email address of the sender thoroughly.
- Always check the domain of the sender carefully: Micros0ft.com, MIcrosoft.com and Microsoft[.]com are not Microsoft domains.
- If you are on a web page, look at the address in the URL bar – make sure it is the correct domain.
- If you have clicked on a link and entered user information and password, report it to IS&T.
- In the run-up to Christmas, be extra vigilant for fake shopping sites that have been made to look like the originals.
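
The sender-domain check from the first bullet can also be automated at a mail filter. The following is an added example, not part of the original notice: the `TRUSTED` allow-list, the substitution table, the function names and every sample address except `Micros0ft.com` are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation treats as genuine senders.
TRUSTED = {"microsoft.com"}
# Assumption: a small table of look-alike characters (not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Reduce a domain to what a hurried reader would 'see'."""
    folded = domain.lower().rstrip(".").translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, to catch one dropped, added or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a From: value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if "@" not in addr or not domain:
        return "invalid"
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return "trusted"  # the real domain or one of its subdomains
    for good in TRUSTED:
        if (good + ".") in domain:
            return "lookalike"  # trusted name used as a prefix of another domain
        if edit_distance(skeleton(domain), skeleton(good)) <= 1:
            return "lookalike"  # character swap or single-letter typo
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers; only Micros0ft.com comes from the notice.
    for header in ("Microsoft <no-reply@microsoft.com>",
                   "Microsoft <security@Micros0ft.com>",
                   "Microsoft 365 <alerts@rnicrosoft.com>",
                   "Newsletter <news@example.org>"):
        print(f"{classify_sender(header):10} {header}")
```

A `lookalike` result means the message deserves quarantine or manual review; `unknown` only means the domain does not resemble anything on the allow-list.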