We have received numerous reports and examples today of an advanced phishing email being used to harvest Office365 credentials.

The email is sent through a compromised account of an individual that is familiar, such as a colleague, business partner, vendor, etc. The attacker gets your email address from the compromised mailbox and then sends you an email with an attachment. The HTML attachment contains a ‘Review Document’ button that takes you to a fake Office365 login page.

Fake Adobe Acrobat DC
Figure 1. Example of a fake Adobe Acrobat DC HTML attachment

As indicated, if the ‘Review Document’ button is clicked, you will be taken to a fake Office365 login page. If you put your credentials into this login, you have given the attacker access to your Office365 mailbox, which will then be used to SPAM others. If it is believed that you or anyone else has already entered credentials into a log in page like this, we recommend you change your password immediately.

The fake Office365 login page looks very convincing, except for the URL it is hosted on. If you look at the example below, you will notice that the URL is https://redcarpetaresmart.info/. This is not Microsoft’s Office365 URL.

Fake Office365 Login Page
Figure 2: Fake Office365 Login Page

If the attachment has been opened, and the link clicked but credentials have not been entered, your system and your Office365 mailbox has not been compromised. Likewise, if you do not have an Office365 account, then entering credentials will yield no usable information for the attackers. As a precaution, we would always recommend changing login credentials if you feel you logged into a suspicious website.

How is your state of IT?

Call Us: (201) 493-1414

Related Articles

Increase in Emotet Infected Emails
How Businesses Can Securely Work From Home (VPN Guidance)
Reopening the Workplace After COVID-19: Technology Considerations
Data Security: What Can You Do To Mitigate Risk
4 Common Threats to Your Data
Multiple Active Phishing Campaigns Targeting O365 Credentials
Twitter Hacked in Coordinated Social Engineering Attack
Has your info and password been hacked? – Latest breach had compromised billions of records
Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution industry awards
Scroll to Top