Phishing email campaigns are a well-known tool of cyber criminals, who send phishing emails persistently in the hope of reeling potential victims into their net.
These opportunistic criminals never stop crafting emails and websites that look legitimate. Spotting the fake message can be difficult for a non-technical eye.
Imagine that a single careless click on a phishing email lets cyber criminals take over your entire Office 365 account.
Yes, a recently discovered email phishing scam posing as an Office 365 Non-Delivery Notification is being used by scammers to steal users’ login credentials by redirecting them to a malicious page. This new Office 365 phishing attack was brought to light by ISC Handler Xavier Mertens.
Xavier Mertens, the security researcher, says that the email phishing scam was discovered while he was reviewing the latest data collected by his email “honey pots”.
The Office 365 phishing attack begins with an email that impersonates an Office 365 Non-Delivery Notification, asserting that Microsoft has detected certain undelivered messages in the user’s account.
The scammers trick unsuspecting users into thinking that the notification is legitimate. The phishing email contains a “Send Again” button that redirects users to a phishing page when they click it. The phishing page resembles a real Office 365 login page.
A JavaScript function called sendmails(), embedded in the phishing page, sends the user’s login credentials to a sendx.php script after the user has entered a username and password.
Surprisingly, once the credentials are harvested, the users are redirected to the legitimate Office 365 login URL in order to convince them that everything is fine and dandy.
However, do not be deceived: this is merely a trick used by cyber criminals to steal your Microsoft account credentials.
With the rapid advancement of technology, misleading and swindling innocent users has become child’s play. Therefore, users must stay a step ahead of the schemes of phishing criminals.
Pay attention to both Non-Delivery Notifications.
Note that the Non-Delivery Notification from legitimate Office 365 simply gives a quick rundown on how to fix the problem and does not contain any link to resend the undelivered emails. The difference between the two notifications is small, yet the entire phishing scam depends on it.
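The difference described above can be turned into a mail-filter heuristic: flag any message with a non-delivery theme that carries a "Send Again"-style link, and report where that link points. The following Python check is an added example, not code from the original article or from Xavier Mertens; the regular expressions, the names `LinkCollector` and `resend_links_in_ndr`, and both sample messages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrasing; tune both patterns to the lures seen in your own mail flow.
NDR_THEME = re.compile(r"non-delivery|undelivered|couldn't be delivered", re.I)
RESEND_ACTION = re.compile(r"\b(send again|resend)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects the body text and a (visible label, href) pair per <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:  # inside an <a>, even under nested tags
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._buf).split()), self._href))
            self._href = None

def resend_links_in_ndr(html_body):
    """Return the hosts behind resend-style links in an NDR-themed message."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    if not NDR_THEME.search(" ".join(parser.text)):
        return []  # not a non-delivery lure, out of scope for this rule
    return [urlparse(href).hostname or href
            for label, href in parser.links if RESEND_ACTION.search(label)]

# Constructed samples, not taken from the real campaign.
FAKE_NDR = """<p>Microsoft found several undelivered messages.</p>
<a href="https://phish.example/o365/login"><b>Send Again</b></a>"""
REAL_NDR = """<p>Your message couldn't be delivered.</p>
<p>How to fix it: check the recipient address and try again.</p>"""

if __name__ == "__main__":
    for name, body in (("fake", FAKE_NDR), ("real", REAL_NDR)):
        print(name, resend_links_in_ndr(body))
```

The rule only inspects `<a>` elements, so a lure that renders its button as an image map or form control needs an additional check.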