We have received numerous reports and examples today of an advanced phishing email being used to harvest Office365 credentials.

The email is sent through a compromised account of an individual that is familiar, such as a colleague, business partner, vendor, etc. The attacker gets your email address from the compromised mailbox and then sends you an email with an attachment. The HTML attachment contains a ‘Review Document’ button that takes you to a fake Office365 login page.

Fake Adobe Acrobat DC
Figure 1. Example of a fake Adobe Acrobat DC HTML attachment

As indicated, if the ‘Review Document’ button is clicked, you will be taken to a fake Office365 login page. If you put your credentials into this login, you have given the attacker access to your Office365 mailbox, which will then be used to SPAM others. If it is believed that you or anyone else has already entered credentials into a log in page like this, we recommend you change your password immediately.

The fake Office365 login page looks very convincing, except for the URL it is hosted on. If you look at the example below, you will notice that the URL is https://redcarpetaresmart.info/. This is not Microsoft’s Office365 URL.

Fake Office365 Login Page
Figure 2: Fake Office365 Login Page

If the attachment has been opened, and the link clicked but credentials have not been entered, your system and your Office365 mailbox has not been compromised. Likewise, if you do not have an Office365 account, then entering credentials will yield no usable information for the attackers. As a precaution, we would always recommend changing login credentials if you feel you logged into a suspicious website.

How is your state of IT?

Call Us: (201) 493-1414

Related Articles

New Extortion Phishing Scam Circulating
Fake Ransomware COVID-19 Surveys in file-sharing platforms
Phishing Campaign Delivers Ransomware to Teachers’ Devices
NJCCIC Warns of Unemployment Scams and Fraud
10 Tips for National Cybersecurity Awareness Month (October 2020)
6 Tips to Secure Your Home WiFi
Email Best Practices
Increase in Emotet Infected Emails
Our Awards:
Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution industry awards
Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution IT industry awards
Scroll to Top