is being Spoofed to Phish Office 365 Users

As the title says, the domain is being spoofed to phish Office 365 users. This is quite alarming; for one, why Microsoft is allowing its domain to be spoofed is beyond me. They can easily fix this with proper SPF, DKIM, and DMARC records within their DNS.

In a recent report posted online, Lomy Ovadia, Ironscales vice president of research and development, said that many industries are being targeted and lots of damage is being done.

The email phishing attack is so realistic looking that victims fall for the scam. It sure doesn’t help that the domain is being spoofed. 

Spoofed Email Headers

The email is also composed in a way that will lure you into making a bad decision.

“Specifically, the fraudulent message is composed of urgent and somewhat fear-inducing language intended to convince users to click on what is a malicious link without hesitation,” Ovadia wrote. “As inferred by the message, the link will redirect users to a security portal in which they can review and take action on ‘quarantined messages’ captured by the Exchange Online Protection (EOP) filtering stack, the new feature that has only been available since September.”

Spoofed Email Message

Once you click on the link within the email, it takes you to a fake Office 365 login page, where typing in your email address and password compromises your account.

To mitigate attacks, Ironscales has advised everyone to configure their email defense and protection systems for DMARC, which should detect and reject emails coming from this Office 365 campaign.
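The sketch below is an added example, not code from Ironscales or the original post. It shows how a receiving mail system applies a DMARC record to a message whose visible From: domain is spoofed. The domains (example.com, example.net), the records and the SPF/DKIM results are constructed placeholders, and the organizational-domain check is simplified to the last two labels instead of the Public Suffix List.

```python
# Added example: DMARC (RFC 7489) disposition logic on constructed inputs.
# The sp= and pct= tags are not handled here.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not valid DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in {"none", "quarantine", "reject"}:
        return None
    return tags

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_dom, auth_dom, mode):
    """Strict mode ("s") needs an exact match; relaxed ("r") compares organizational domains."""
    if mode == "s":
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)

def evaluate(from_dom, record, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs. Returns the disposition."""
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "no-policy"  # nothing published: the receiver has no instruction to reject
    spf_ok = spf[0] == "pass" and aligned(from_dom, spf[1], policy.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_dom, dkim[1], policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

# Constructed messages. The spoofed one passes SPF, but only for the sender's own
# envelope domain, which does not align with the From: domain shown to the user.
SPOOFED = {"from_dom": "example.com", "spf": ("pass", "bulk.example.net"), "dkim": ("none", "")}
LEGIT = {"from_dom": "example.com", "spf": ("pass", "bounce.example.com"), "dkim": ("pass", "example.com")}
REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
MONITOR = "v=DMARC1; p=none"

if __name__ == "__main__":
    for name, record in (("reject", REJECT), ("monitor", MONITOR), ("missing", None)):
        print(name, "->", evaluate(record=record, **SPOOFED))
    print("legit ->", evaluate(record=REJECT, **LEGIT))
```

An SPF pass alone does not stop the spoofed message, and a `p=none` record or a missing record leaves the receiver without an instruction to reject it; only an enforcing policy combined with the alignment check does.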

I would suggest being extra careful: always review the website domain and do not type your username and password into anything that’s not legit. If you’re not expecting it, do not open it.

Patrick Domingues
