Users of Microsoft’s popular Office 365 software might be the victims of the latest phishing campaign making its rounds online.
Some users are receiving notifications purporting to be from “Office 365 Team” notifying recipients of an “unusual volume of file deletion” on their accounts.
When recipients click on the “View alert details” link, a fake Microsoft login page appears that captures users’ login credentials. The attackers are using Azure, a popular hosting site that makes it more difficult to distinguish questionable URLs in a phishing attack.
For Microsoft users, login screens only derive from microsoft.com, live.com, microsoftonline.com, or outlook.com. The growing sophistication of these attacks makes it even more difficult for users to differentiate a phishing attack from a real message. However, comprehensive training from providers like us can stop phishing scams in their tracks by empowering customer and employees with cybersecurity training and awareness.