Clever new phishing scam targets Microsoft users

Clever new phishing scam targets Microsoft users
© Dennizn | Dreamstime.com

In 2020, phishing has become one of the internet’s most popular cyberattacks. It’s an easy way for cybercriminals to steal logins and data, and rarely requires any of the complex skills you’d need to break into someone’s computer.

And with so many of us spending all of our waking moments indoors this year, there are more opportunities to phish for victims than ever. Tap or click here to see why these kinds of scams are on the rise in 2020.

But if you thought phishing campaigns only targeted email and social media accounts, think again. A new strain of phishing scam is targeting Microsoft Office 365 accounts, and if you fall for the bait, you could lose access to troves of personal documents. And to make matters worse, they’re getting away with it thanks to Google’s help! Here’s how.

Phishing campaign uses Google Ad Services with ghoulish efficiency

According to a new security alert from researchers at Cofense, threat actors are taking advantage of Google Ad Services to disguise their efforts and redirect victims to dangerous phishing websites.

The phishing campaign, like many others before it, is centered around stealing login information. This time around, though, it’s Microsoft office 365 accounts that are in the crosshairs.

Here’s how it works: Victims receive a high-priority email in their inbox with the subject line “Recent Policy Change.” The email, in most cases, purports to be from Microsoft, but a quick glance at the sender field shows you that isn’t the case. The sender email, however, will usually contain the word “security” to make it seem more authentic.

In the email’s body, victims will get instructions telling them to agree to updated terms of service and privacy policy, or else risk losing access to Microsoft Office. Below this “urgent” notice, two buttons labeled “Accept” and “Learn More” are available for victims to click on. Hilariously, clicking on either button takes you to the same phishing site.

But here’s where things get weird. When you click on the link from the email, you’re redirected to what appears to be an ad hosted by Google itself. This isn’t abnormal, as Google is responsible for hosting millions of ads across the internet. But after spending less than a moment on the “ad,” the page redirects you to a fake Microsoft Office login.

And yes, you guessed it, this fake login page is where the hackers steal your information.

This scam is unusual for several reasons, but the most notable one is how it harnesses the power of Google Ad Services to fly under the radar. In order for the “ad” to even function, this means the hackers behind the campaign spent real money to set the page up. And because the ad is hosted by a legitimate faction (Google), it can easily pass spam detection filters.

What can I do to protect my accounts?

Just like with most phishing emails that claim to come from an “official source,” the whole narrative falls apart as soon as you take a peek at the sender field of the email. This is where it says “From:” followed by the sender’s email address.

If you get an email with the subject line “Recent Policy Change,” and if the sender field features the word “security” in the sender’s email address, ignore it! These are the biggest red flags for the scam.

But while you’re at it, make a habit of checking the sender field of every single email you receive. It’s absolutely worth doing and can save you hours of heartbreak (and your personal data, potentially).

If you already made the mistake of clicking the link, you’ll need to get in touch with Microsoft to reset your passwords immediately. Try to create new passwords that are much harder to guess, so any hackers with access to your account will be caught flatfooted. Tap or click here to see how to generate stronger passwords.

In addition, it doesn’t hurt to scan your computer for signs of viruses, or potentially even restore your Windows computer to factory settings. Tap or click here to see how to do this.

If you do reset your PC, however, make sure you’ve saved your most valuable data to a secure cloud backup system like our sponsor IDrive. With IDrive, you get the benefits of encrypted storage that keep your data safe from hackers, as well as the flexibility of the cloud, which means you can download all of your files back again from anywhere you go.

Save a whopping 90% when you sign up at IDrive.com and use promo code Kim at checkout. That’s less than $7 for your first year!

Tags: cyberattacks, cybercriminals, Microsoft Office 365, phishing, scam, security