To help offset our carbon footprint, we have partnered with One Tree Planted to plant trees for each sale of computer hardware at no additional cost to our clients
Learn More

let’s make something together

Give us a call or drop by anytime, we endeavour to answer all enquiries within 24 hours on business days.

Find us

PO Box 16122 Collins Street West
Victoria 8007 Australia

Email us

info@domain.com
example@domain.com

Phone support

Phone: + (066) 0760 0260
+ (057) 0760 0560

New Phishing Email States Your Office 365 Account Will Be Deleted

  • By SouthridgeTech
  • 773 Views
Scroll

Phishing Email States Your Office 365 Account Will Be Deleted

Recommended by Kim on our support desk
By

Phishing

A new phishing campaign is underway that pretends to be from the “Office 365 Team” warning you that your email account cancellation has been approved and that all your email will be deleted unless you cancel the request within the hour.

This particular phishing campaign is interesting as it uses an uncommon bait of the risk of losing all your email and a time limit to make you act quickly and potentially without thinking.

These phishing emails have a subject line of “Urgent Request” and state that unless you want your email account to be canceled and your email to be deleted, you need to cancel the request.

 
Office 365 Phishing Email
Office 365 Phishing Email

The text of this phishing scam can be read below.

Dear user:sales
Your request on  5/27/2019 7:28:58 a.m. to remove your email from our server has been approved,

Are you sure you want to terminate our service to you?

Ignore to continue with removal in exactly one(1)hour you read this notice or 

CANCEL THIS REQUEST NOW

Excel Online

If you click on the “CANCEL THIS REQUEST NOW” link, you will be brought to a fake “Microsoft Office Support | Account Update” page that prompts you to sign in to cancel the request. This page is actually a survey created in Excel Online.

Phishing Scam Landing Page
Phishing Scam Landing Page

As this page is hosted on live.com, the site is secured with a certificate signed by Microsoft, which add legitimacy to the landing page.

Microsoft Certificate
Microsoft Certificate

After a user enters their credentials, the landing page will thank them and state that their “response was received.” The attackers can the collect the submitted credentials at their leisure.

Legitimate Microsoft Login Page
Legitimate Microsoft Login Page

As the form is located on onedrive.live.com, and that host actually does contain the legitimate login page https://onedrive.live.com/about/en-us/signin/, it makes this scam harder to spot.

In this particular case, the word survey in the URL would have been your best clue. Furthermore, if you ever receive emails from Office stating that your account will be canceled or some other admin like request, you should always speak to your network administrator first before doing anything on your own.

Thx to Michael Gillespie for the sample.

 

Lawrence Abrams

 
Lawrence Abrams is the creator and owner of BleepingComputer.com. Lawrence’s area of expertise includes malware removal and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.
0Likes

Related Posts

Blog
Prepare for Windows 10 End of Life: Ensuring Compliance and Security with Windows 11
Blog
The Importance of Implementing a Password Management Solution for Small Businesses
Blog
Protecting Your Facebook Account from Hacking: Best Practices and Key Differences