© Milkos | Dreamstime.com

Use a PC? This new Microsoft phishing scam is mighty convincing

Over the last few years, we have seen several phishing and cyberattacks that seemed ingenious. From masking their appearance to hiding in plain sight, criminals will always develop malware to be as untraceable as possible.

But sometimes a virus or malicious code comes along that has security experts scratching their heads. Often it is not the complexity of the malware, but how cunning it can be. Sometimes you can only marvel at the coding.

Such cunning malware has now made its way into Microsoft’s Office 365 software. It’s not the first time that Office 365 has been targeted, as it suffered a similar problem last year. Here is what you need to look out for, and what the virus can do to your machine.

Here’s what you need to know about phishing

Microsoft is warning users of its Office 365 to be on the lookout for a dangerous scam built around what the company is calling a “crafty” phishing email.

Phishing emails are messages that try to trick people into divulging personal information or clicking on malicious links that infect their device with malware. As the name implies, cybercriminals throw out a lure (the scam email) and hope somebody takes the bait.

It can get tricky when criminals spoof who the sender of the mail is, which is the case with the current campaign Microsoft Security Intelligence is warning against. Spoofing is when criminals impersonate legitimate companies by sending messages that look like they originated from the real deal.

The emails are sent to administrators and users of Office 365, urging them to sign in to a fake SharePoint website, Google cloud web app hosting, or even a bogus Office 365 page. If the potential victim goes ahead, their login details are captured by the criminals and their accounts can be hijacked.

What you can do about it

Microsoft explained that the phishing campaign is using “a crafty combination of legitimate-looking original sender” and spoofed display names to circumvent any email spam filters. The mail goes further by including top-level domains, but with slight variations to the real domain.

Phishing attempts and malware intrusions are getting more sophisticated, but there are ways you can protect yourself.

  • Enable 2FA – When available, enable two-factor authentication as an extra step to lock down your account. Tap or click here to see how to set up 2FA for your frequently used online accounts.
  • Don’t click that link – Never click on links or open attachments found in unsolicited emails. They could be malicious and lead to tons of problems.
  • Scrutinize the sender’s email address – Look for anything out of the ordinary like small typos or spelling mistakes.
  • Recovering your Microsoft account – If you believe an Office phishing scam has already victimized you, follow Microsoft’s guide here to recover your account.
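
For administrators who want to automate the "scrutinize the sender" step, here is an added example (not Microsoft's code and not part of the original article) that flags the two tricks described above: a display name that borrows a trusted brand, and a sender domain that is a slight variation of a real one. The trusted-domain list, the edit-distance threshold of 2 and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this organization really receives Microsoft mail from.
TRUSTED_DOMAINS = ("microsoft.com", "office.com", "sharepoint.com")

def edit_distance(a, b):
    """Levenshtein distance, computed with two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(domain, trusted=TRUSTED_DOMAINS):
    """True for a trusted domain or any subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def check_from_header(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return the reasons a From header looks spoofed (empty list = none found)."""
    display, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return ["no parsable sender address"]
    if is_trusted(domain, trusted):
        return []
    findings = []
    for good in sorted(trusted):
        # Slight variation of the real domain, e.g. one swapped letter.
        if edit_distance(domain, good) <= max_distance:
            findings.append(f"{domain} is a lookalike of {good}")
        # Display name borrows the brand while the address is somewhere else.
        brand = good.split(".")[0]
        if brand in display.lower():
            findings.append(f"display name mentions '{brand}' but sender is {domain}")
    return findings

# Constructed sample headers, not taken from the real campaign.
SAMPLES = [
    "SharePoint Online <no-reply@sharepoimt.com>",
    "Microsoft Office 365 <alerts@example.net>",
    "Microsoft <notifications@microsoft.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "ok")
```

A check like this only inspects the visible From header, so it complements rather than replaces SPF, DKIM and DMARC enforcement on the mail gateway.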
