Microsoft Warns Office 365 Users of New Phishing Campaign

Microsoft’s Security Intelligence team issued a warning on Twitter to be on the lookout for an active phishing campaign targeting Office 365 users.
Phishing Email Users
Phishing is when an attacker emails or texts people pretending to be a legitimate company to trick them into giving up their personal information. A common phishing attack is an email that looks like it came from your bank. When you click on the log in button via the email, it takes you to a website posing as the bank’s website, and it steals your username and password when you log in.

An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.
— Microsoft Security Intelligence (@MsftSecIntel) July 30, 2021

Microsoft says that in this campaign use a SharePoint file share request for documents like “Staff Reports,” “Bonuses,” “Pricebooks,” and more. These contain a URL to a malicious web page that asks people to sign in with their Office 365 credentials. The team says that Microsoft Defender for Office 365 detects and blocks these emails.
Tags: Microsoft, phishing, Security, Security Friday