May 30 2017 08:08 AM
Hi. One of my users received the attached message earlier today. To me it definitely looks like phishing. The user clicked on the "Cancel Closure Process Now" link, and provided email and password.
Is this something to worry about?
Perhaps MS can shed some light on this.
Regards,
Elvyn
PS: user/domain info has been removed from the email for security purposes.
From: Office Microsoft365
Date: Tuesday, May 30, 2017 at 4:36 AM
To: Katia Rios <user1@xxxx.com>
Subject: Internal Server Process
Microsoft Office365
Dear user1
Your user1@xxx.com internal server has requested for the closure of your account.
we see this to be unusual.we require you to cancel this process within 12 hours.
failure to cancel this process will lead to the deactivation of your Office365 account.
If you are unable to sign in to your account or if unauthorized changes have been made to your office365
account, please contact our customer support team for assistance: +1 (488) 345-1630
This message was sent from the email address which is not monitored. Do not reply to this message.
Privacy | legal notices
Microsoft Office
One Microsoft Way
Redmond, WA
98052-6399 USA
May 30 2017 08:19 AM
Totally bogus e-mail.
You need to warn your user to never ever click on links in e-mail no matter how authentic they may look.
May 30 2017 08:25 AM
Yes, it is a phishing mail.
Is the mail you are receiving (your MX record) in Office 365?
What are your EOP settings?
Here are the best practices: https://technet.microsoft.com/en-us/library/jj723164(v=exchg.150).aspx
May 30 2017 09:25 AM
Yes, your instincts are right, this is a phishing email. If you haven't already, I'd reset the victim's account password as it sounds like they submitted their details.
Phishing emails are predominately used to deliver a ransomware payload. Perhaps share these links with the user, as they have good advice from MS on how to spot these types of attacks if you haven't got your own guidance that you can point them to -
Protect yourself from phishing schemes and other forms of online fraud
Email and web scams: How to help protect yourself
May 30 2017 09:41 AM
Just to add, phishing attacks can be really convincing; check out this Office 365 spoof login attack via a phishing email courtesy of @Maarten Eekels. How many users would fall for this?
User education is one of the best things that can be done to combat this as however good EOP is, some of these will get through or come in via other means.
Jun 01 2017 04:09 PM
Another example of an Office 365 related phishing email:
Office 365 is a big target it seems for phishing campaigns. The wording gives this one away but could still trick the uninitiated.