Is this a phishing mail?


Hi. One of my users received the attached message earlier today. To me it definitely looks like phishing. The user clicked on the "Cancel Closure Process Now" link and provided email and password.

Is this something to worry about?

Perhaps MS can shed some light on this.

Regards,

Elvyn

PS: user/domain info has been removed from the email for security purposes.

From: Office Microsoft365
Date: Tuesday, May 30, 2017 at 4:36 AM
To: Katia Rios <user1@xxxx.com>
Subject: Internal Server Process

 

Microsoft Office365

Dear user1

Your user1@xxx.com internal server has requested for the closure of your account.
we see this to be unusual.we require you to cancel this process within 12 hours.
failure to cancel this process will lead to the deactivation of your Office365 account.

CANCEL CLOSURE PROCESS NOW



If you are unable to sign in to your account or if unauthorized changes have been made to your office365
account, please contact our customer support team for assistance: +1 (488) 345-1630

This message was sent from the email address which is not monitored. Do not reply to this message.
Privacy | legal notices

Microsoft Office
One Microsoft Way
Redmond, WA
98052-6399 USA

5 Replies

Totally bogus e-mail.

You need to warn your user to never ever click on links in e-mail no matter how authentic they may look.

Yes, it is a phishing mail.

Are you receiving the mail (your MX record) in Office 365?

What are your EOP settings?

Here are the best practices: https://technet.microsoft.com/en-us/library/jj723164(v=exchg.150).aspx

Yes, your instincts are right, this is a phishing email. If you haven't already, I'd reset the victim's account password as it sounds like they submitted their details.

Phishing emails are predominately used to deliver a ransomware payload. Perhaps share these links with the user, as they have good advice from MS on how to spot these types of attacks, if you haven't got your own guidance that you can point them to:

 

Protect yourself from phishing schemes and other forms of online fraud

 

Email and web scams: How to help protect yourself

 

Protect yourself from scams

 

Just to add, phishing attacks can be really convincing. Check out this Office 365 spoof login attack via a phishing email, courtesy of @Maarten Eekels. How many users would fall for this?

 

[Images: Office 365 Phishing Attack 1.png, Office 365 Phishing Attack 2.png]

 

User education is one of the best things that can be done to combat this as however good EOP is, some of these will get through or come in via other means.

Another example of an Office 365 related phishing email:

 

[Image: Office 365 Phishing.jpg]

Source

 

Office 365 is a big target it seems for phishing campaigns.  The wording gives this one away but could still trick the uninitiated.
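
The tells the replies point to in the quoted message (the wording, the pressure to act), turned into a small triage check. This is an added example, not part of the original thread. The sender address, the allow-list and the function name are assumptions, since the original post had the sender details removed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list; a real one comes from your own mail-flow records.
TRUSTED_SENDER_DOMAINS = {"microsoft.com"}

# Constructed sample: the message quoted in this thread, re-typed as RFC 5322 text.
# The sender address is a placeholder (the post did not include one).
SAMPLE = """\
From: Office Microsoft365 <sender@example.invalid>
To: Katia Rios <user1@xxxx.com>
Subject: Internal Server Process

Dear user1

Your user1@xxx.com internal server has requested for the closure of your account.
we see this to be unusual.we require you to cancel this process within 12 hours.
failure to cancel this process will lead to the deactivation of your Office365 account.

CANCEL CLOSURE PROCESS NOW
"""

def phishing_tells(raw):
    """Return the list of phishing indicators found in one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    name, addr = parseaddr(msg["From"])
    _, rcpt = parseaddr(msg["To"])
    tells = []
    # Display name claims the brand, but the address is not on the allow-list.
    domain = addr.rpartition("@")[2].lower()
    if re.search(r"microsoft|office\s*365", name, re.I) and domain not in TRUSTED_SENDER_DOMAINS:
        tells.append("brand display name, untrusted sender domain")
    # Greeting built from the mailbox name instead of the recipient's real name.
    local = rcpt.partition("@")[0]
    if local and re.search(rf"^dear\s+{re.escape(local)}\b", body, re.I | re.M):
        tells.append("greeting uses mailbox name")
    if re.search(r"within\s+\d+\s+(hours?|days?)", body, re.I):
        tells.append("deadline pressure")
    if re.search(r"(deactivation|closure|suspension)\s+of\s+your\b.*\baccount", body, re.I):
        tells.append("account-loss threat")
    # Two or more lines starting in lowercase: the sloppy wording noted above.
    if sum(1 for line in body.splitlines() if line[:1].islower()) >= 2:
        tells.append("sloppy sentence casing")
    return tells

if __name__ == "__main__":
    print(phishing_tells(SAMPLE))
```

A message that trips several of these at once is worth quarantining for review; none of them proves anything on its own.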