Multiple Active Phishing Campaigns Targeting O365 Credentials

July 23, 2020

Multiple phishing campaigns have been identified targeting Microsoft Office 365 (O365) users in an attempt to steal login credentials. In one of the campaigns, the phishing email mimics an automated official notification from the Outlook team on behalf of the recipient’s organization. The email urges recipients to upgrade Outlook services within 24 hours to avoid a delay in receiving emails and contains an embedded link to the convincing spoofed login page. If the link is clicked and credentials are entered, the user’s login, and any other information stored on linked accounts using the same O365 credentials, will be compromised.

Scam Example - Zoom
image source: Abnormal Security

A similar campaign has been spotted spoofing an official Zoom email address and impersonating a legitimate automated Zoom notification. The recipient is warned that their Zoom account was temporarily suspended and they will not be able to attend meetings or calls until the account is reactivated by clicking on the embedded link, which directs the user to a spoofed O365 login page. Both campaigns portray a sense of urgency and are very convincing with few, if any, grammatical errors. Compromised O365 credentials could be used in various future attacks, such as Business Email Compromise (BEC) scams. recommends users educate themselves and others on these continuing threats and tactics to reduce victimization.

Users are advised to, in response to emails from unknown senders:

  • avoid clicking links;
  • avoid opening attachments;
  • avoid providing personal or financial information;
  • exercise caution with emails from trusted senders;
  • if you are unsure of an email’s legitimacy, contact the sender via a separate means of communication.

We also advise users to refrain from taking action on unsolicited emails claiming that a service will be suspended, and instead, navigate to the official site to verify information. In short, when in doubt, do not click and do not enter credentials – always follow up with the sender via alternative communication.

Please call us to discuss adding additional email security measures to your email accounts/domain!

IT Support NJ - Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution industry awards
IT support NJ - Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution IT industry awards
Scroll to Top