Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Warning! Nasty new Office 365 phishing attack doing the rounds

3 min. read

Updated onJuly 31, 2021

updated onJuly 31, 2021

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

A new and very nasty phishing attack has been doing the rounds, and it is extremely difficult to spot. Here is what you need to look out for.

First of all, we should thank Xavier Mertens for being the first to spot it. If you want to see the code that the phishing attack uses, pop over tothis website.

How does this attack work?

A recipient gets a Non Delivery Receipt (NDR) from what looks like a trusted account. It tells the recipient that “Microsoft found several undelivered messages”.

The next step that the phisherman wants you to do is click the ‘Send Again’ button. This will take you to a page that looks very much like theOffice 365page.

Fake phishing attack login page

Check out the website address in the image above. It is obviously not the address ofOffice 365, Microsoft, Windows, or anything remotely linked to Microsoft, and yet I am sure many people entered theirlogininformation.

When you do enter yourlogininfo, you get sent to Outlook, so it looks very much like you have not been phished. Unfortunately, yourOffice 365logindetails have just been sent to the bad guys, and they now have access to yourOfficeAccount and everything that goes with it.

Genuine Non Delivery Receipt

Now, you all know how much I love to rant against Microsoft (in a constructive way, of course), but I really don’t think we can blame Microsoft for this. While the email address for the original phishing attack looks like it is ‘sort of’ official, there is no way that anyone should fall for theloginaddress.

In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.Install now Cyberghost VPNand secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.

Guys, always check the web addresses and if you are in any doubt, do NOTloginfrom a link. Go into your browser and type in the address you want in the normal way, and thenlogin. It ain’t rocket surgery, guys, just basiconline safety rules.

Have you received this phishing attack. Did you spot it asphishingimmediately, or did you have to double check? Or did you fall for it? Don’t worry if you did; I fell for a PayPal phishing scam once. The address was PayPel. In my defence, it was about 10 years ago. Let us know in the comments below.

RELATED ARTICLES YOU SHOULD CHECK OUT:

More about the topics:Cybersecurity,Phishing

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina