As the title said, the microsoft.com domain is being spoofed to phish office 365 users. This is quite alarming for one, why is Microsoft allowing its domain to be spoofed is beyond me. They can easily fix this with proper SPF, DKIM, and DMARC records within their DNS.
In a recent report posted online by Lomy Ovadia, Ironscales vice president of research and development said that many industries are being targeted and lots of damage is being done.
The email phishing attack is so realistic looking that victims fall for the scam. It sure doesn’t help that the domain Microsoft.com is being spoofed.
The email is also composed in a way that will lure you into making a bad decision.
“Specifically, the fraudulent message is composed of urgent and somewhat fear-inducing language intended to convince users to click on what is a malicious link without hesitation,” Ovadia wrote. “As inferred by the message, the link will redirect users to a security portal in which they can review and take action on ‘quarantined messages’ captured by the Exchange Online Protection (EOP) filtering stack, the new feature that has only been available since September.”
Once you click on the link within the email it will take you a fake office 365 login page where you may type in your email address and password and compromising your account.
To mitigate attacks, Ironscales has advised everyone to configure their email defense and protection systems for DMARC, which should detect and reject emails coming from this Office 365 campaign.
I would suggest being extra careful always review the website domain and do not type your username and password onto anything that’s not legit. If your not expecting it, do not open it.