admin null
Copper Contributor
May 30, 2017

Is this a Phishing mail?

Hi. One of my users received the attached message earlier today. To me it definitely looks like phishing. The user clicked on the "Cancel Closure Process Now" link, and provided email and password.

Is this something to worry about?

Perhaps MS can shed some light on this.

Regards,

Elvyn

PS: user/domain info has been removed from the email for security purposes

From: Office Microsoft365
Date: Tuesday, May 30, 2017 at 4:36 AM
To: Katia Rios <user1@xxxx.com>
Subject: Internal Server Process

 

Microsoft Office365

Dear user1

Your user1@xxx.com internal server has requested for the closure of your account.
we see this to be unusual.we require you to cancel this process within 12 hours.
failure to cancel this process will lead to the deactivation of your Office365 account.

https://instalatiimartartin.ro/wp-content/upgrade/lol/index.php/?email=k.rios@rioslegal.com



If you are unable to sign in to your account or if unauthorized changes have been made to your office365
account, please contact our customer support team for assistance: +1 (488) 345-1630

This message was sent from the email address which is not monitored. Do not reply to this message.
Privacy | legal notices

Microsoft Office
One Microsoft Way
Redmond, WA
98052-6399 USA

5 Replies

  • Cian Allner
    Silver Contributor

    Another example of an Office 365 related phishing email:

    https://twitter.com/ddoomen/status/870359624515452928

    Office 365 is a big target it seems for phishing campaigns. The wording gives this one away but could still trick the uninitiated.

  • Cian Allner
    Silver Contributor

    Just to add, phishing attacks can be really convincing; check out this Office 365 spoof login attack via a phishing email courtesy of Maarten Eekels. How many users would fall for this?

    User education is one of the best things that can be done to combat this as, however good EOP is, some of these will get through or come in via other means.

  • Cian Allner
    Silver Contributor

    Yes, your instincts are right, this is a phishing email. If you haven't already, I'd reset the victim's account password as it sounds like they submitted their details.

    Phishing emails are predominately used to deliver a ransomware payload. Perhaps share these links with the user, as they have good advice from MS on how to spot these types of attacks if you haven't got your own guidance that you can point them to -

    https://support.office.com/en-US/article/Protect-yourself-from-phishing-schemes-and-other-forms-of-online-fraud-F84750B4-2F2C-46C3-89F6-E65F7F8C3546

    https://www.microsoft.com/en-us/safety/online-privacy/phishing-scams.aspx

    https://www.microsoft.com/en-us/safety/online-privacy/scams.aspx

  • C_the_S
    Bronze Contributor

    Totally bogus e-mail.

    You need to warn your user to never ever click on links in e-mail no matter how authentic they may look.
