16 December 2018
A phishing campaign has been discovered that pretends to be a non-delivery notification from Office 365 and leads you to a page attempting to steal your login credentials.
This new campaign was discovered by ISC Handler Xavier Mertens and states that “Microsoft found Several Undelivered Messages”. It then prompts you to click on the “Send Again” link in order to try sending the emails again. An example of this phishing email can be seen below.
Fake Office 365 Non-Delivery Notification
Actual Office 365 Non-Delivery Notification
If a recipient clicks on the Send Again link, they will be brought to a phishing site that impersonates the legitimate Office 365 login. The link will end with #[emailaddress], for example #@firstname.lastname@example.org, which will cause the email address to auto-populate in the page as shown below.
Not the Office 365 login page. Pay attention to the URL. This is the phishing site.
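The #[emailaddress] fragment trick described above is a useful mail-filtering indicator: a legitimate notification has no reason to carry the recipient's address after the `#` in a link. The following is an added example (not part of the original article) that pulls links out of an email body and flags those whose fragment decodes to an email address; the sample body and all domains are constructed placeholders, not the campaign's real infrastructure.

```python
import re
from urllib.parse import urlparse, unquote

# Constructed sample email body modelled on the campaign described above.
# The link domains are placeholders, not the real campaign's infrastructure.
SAMPLE_BODY = """Microsoft found Several Undelivered Messages.
Click <a href="https://phish.example/o365/index.html#user@example.org">Send Again</a>
to retry. Help: https://support.example.com/kb/undelivered#section-2
Alt: https://phish.example/o365/?s=1#%40user%40example.org.
"""

URL_RE = re.compile(r'https?://[^\s<>"\']+')
# Optional leading "@" covers the "#@user@domain" form quoted in the article.
EMAIL_RE = re.compile(r"^@?[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def extract_urls(text):
    """Pull http(s) URLs out of free text, dropping trailing punctuation."""
    return [m.group(0).rstrip(".,;)") for m in URL_RE.finditer(text)]


def fragment_is_email(url):
    """True when the URL's #fragment (after percent-decoding) is an email address."""
    frag = unquote(urlparse(url).fragment).strip()
    return bool(EMAIL_RE.match(frag))


def flag_prefill_links(text):
    """Return the URLs in `text` whose fragment carries an email address.

    Such links are the pattern this campaign uses to pre-fill the fake login
    form; they are worth quarantining or at least highlighting for review.
    """
    return [u for u in extract_urls(text) if fragment_is_email(u)]


if __name__ == "__main__":
    for link in flag_prefill_links(SAMPLE_BODY):
        print("suspicious prefill link:", link)
```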
As always, users need to make sure that they are on the correct site when entering their login credentials, as attacks like these are getting more realistic and potentially harder for people to notice. In this case, the URL should stand out as suspicious, but many people may see the familiar login screen and enter details automatically.
Published on: Bleeping Computer