Email Phishing
News | 12/19/2018

Office 365 stung by Email Phishing

About: According to a recent tech report, cyber criminals are using email phishing scam that impersonate Office 365 Non-Delivery Notification. Scammers lead the users into thinking that the notification is legitimate. The e-mail contains a “Send Again” ...  Read More  

| News | Office 365 stung by Email Phishing

Phishing email campaigns are a renowned tool that is prominently used by the cyber phishing criminals. They keep sending phishing email tenaciously with the hope of reeling potential victims in their pitched net.

Office 365 Scam

These opportunistic cyber phishing criminals never cease to craft e-mails & websites that look legitimate ones. Perceiving the illicit or fake message can be strenuous task to a non-technical eye.


Imagine a careless click on a phishing mail can let the cyber criminals take over your entire Office 365 account.


Yes, a recently discovered Email phishing Scam professing as Office 365 Non-Delivery Notification is being used by the scammers to steal user’s login credentials by redirecting them to a malignant page. This new Office 365 Phishing attack was brought to light by ISC Handler Xavier Mertens.

Insight in to New Office 365 Phishing attack

Xavier Mertens, the security researcher, says that the Email phishing Scam was discovered while he was reviewing the latest data accumulated by his email “honey pots”.


The Office 365 Phishing attack initiates with an e-mail that impersonates as a Office 365 Non-Delivery Notification asserting that Microsoft has detected certain undelivered messages in users’ account.

Capture 3


Without a hitch, the scammers take the innocent users into thinking that the notification is legitimate. The phishing email contains a “Send Again” button which redirects to a phishing page when users click on it. The phishing page bears resemblance to a real Office 365 login page.


A JavaScript function called sendmails(), embedded in the phishing page sends user’s login credentials to sendx.php script after the user has entered his username & password.

Office 365 Users, do not be deceived!

Surprisingly, once the credentials are harvested the users will be redirected to the legitimate Office 365 login URL in order to convince them that everything is fine & dandy.


However, do not be deceived as this is a mere trick used by cyber criminals to steal your Microsoft Account Credentials.

Capture 2


With pacing advancement in technology, misleading & swindling the innocent users has become a child’s play. Therefore, it is mandatory for the users to stay a step ahead of the ruinous schemes of Cyber Phishing criminals.


Pay attention to both the Non-Delivery Notifications.

Capture 1


You can note that Non-Delivery Notification from legitimate Office 365 simply gives a quick rundown on how to fix the problem & does not contain any link to resend the undelivered e-mails. The difference between the two notifications is precise & narrow; however the entire Phishing Scam is dependent on it.

Protection against Phishing Attacks

  1. Keeping the Operating System Updated- In order to remain protected and avoid such infections, it is recommended to keep your Operating System updated by enabling the automatic update on your system. The systems with outdated or older versions of Operating System become an easy target for the attackers.
  2. Resist clicking on spam emails – One of the major techniques used for malware distribution is forwarding spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
  3. Keep an eye on third party installations- It is quite important that you take due care while installing any third party applications for they are major source of such infections. Such malware programs come bundled with the free applications thereby requiring the user to remain cautious.
  4. Regular periodical backup- In order to keep your data and files safe, it is recommended to take regular back up of all your data and files either on an external drive or cloud.
  5. Use Anti-Virus Protection- We strongly recommend the use of antivirus protection/internet security in your PC like Sophos and Vipre so that it remains safe.
  6. Enable the Ad Blocker/Popup Blocker in your browser- Enabling the popup blocker/ ad blocker in your chosen browser will help you to stay protected from annoying adware.

Hits: 137

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Rajasthan 302033
Phone: +91 9799661866