A new phishing attack is using fake non-delivery notifications in an attempt to steal users’ Microsoft Office 365 credentials. The stolen credentials are then used to send messages from the user’s account, further spreading malicious emails and software.
In this case, the attack begins when a user receives a fake non-delivery notification email from ‘Microsoft.’ An example is below:
The fake email instructs the user to simply click the “Send Again” button included in the email, which redirects the user to a phishing site impersonating the real Office 365 login page. The URL of the phishing page ends with *[email address], and the page incorporates that address into a dialog box designed to capture the password for the user’s Office 365 account.
Due to the size of the Office 365 platform, attacks like these are unfortunately common. In 2017, bad actors used a botnet attack called ‘KnockKnock’ that primarily targeted Office 365 system accounts. Just a year previously, researchers documented an attack campaign in which digital attackers embedded code in fake shipping alerts to trick users into handing over their Office 365 login credentials.
Ultimately, users can protect themselves against these types of email-based attacks by familiarizing themselves with the most common types of phishing operations. They should also consider protecting their Microsoft accounts with two-factor authentication (2FA). Lastly, be prudent when opening an email. Always look at the sender’s information for abnormalities. The same is true for any links contained within an email. In this specific case, the sender’s address was not a Microsoft domain, and the URL the link took you to was agilones.com, which has no relation to Microsoft whatsoever.
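The two tells described above (a “Microsoft” bounce sent from a non-Microsoft domain, and a “Send Again” link that points at an unrelated host and carries the victim’s email address in the URL) can be turned into a simple mail-triage check. The following is an added example written for this post, not code from the original article; the Microsoft domain allowlist, the `phish.example` / `mail-delivery.example` hosts and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse, unquote

# Assumption: a short illustrative allowlist of domains that send real
# Microsoft / Office 365 mail; extend it from your own environment.
MICROSOFT_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com",
                     "outlook.com"}
LINK_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample of the lure: a fake NDR whose "Send Again" link points
# at a non-Microsoft host and carries the recipient's address in the URL.
PHISH_EML = """\
From: Microsoft Outlook <postmaster@mail-delivery.example>
To: victim@example.com
Subject: Undeliverable: some messages could not be delivered
Content-Type: text/html

<p>Some of your messages could not be delivered.</p>
<a href="https://phish.example/login.php#victim@example.com">Send Again</a>
"""

def registrable(host):
    # Crude eTLD+1 (last two labels); fine for the .com-style hosts shown here.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def triage_ndr(raw_email):
    """Return findings that mark a 'Microsoft' bounce as a likely phish."""
    msg = message_from_string(raw_email)
    findings = []
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = registrable(sender.split("@")[-1]) if "@" in sender else ""
    claims_microsoft = "microsoft" in (msg.get("From", "") + msg.get("Subject", "")).lower()
    if claims_microsoft and sender_domain not in MICROSOFT_DOMAINS:
        findings.append(f"sender domain {sender_domain} is not a Microsoft domain")
    body = ""
    for part in msg.walk():  # handles both single-part and multipart mail
        if part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    for url in LINK_RE.findall(body):
        link_domain = registrable(urlparse(url).hostname or "")
        if link_domain not in MICROSOFT_DOMAINS:
            findings.append(f"link to non-Microsoft domain {link_domain}: {url}")
        if EMAIL_RE.search(unquote(url)):  # pre-filled victim address in the URL
            findings.append(f"link embeds an email address: {url}")
    return findings
```

Running `triage_ndr(PHISH_EML)` produces three findings for the constructed lure, while a genuine bounce from `postmaster@outlook.com` that only links to a `microsoft.com` help page produces none.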