New Phishing Tactic to Steal Office 365 Account Credentials

Xavier Mertens of ISC discovered a new phishing campaign that targets individuals with emails designed to look like non-delivery notifications from Microsoft Office 365. The message states that “Microsoft found Several Undelivered Messages” and prompts the recipient to click a “Send Again” link, citing server congestion as the cause. The “Send Again” link leads to a phishing site that auto-populates the user’s email address and prompts them to sign in to their Office 365 account. Once the user enters their password and clicks “Sign in,” they are redirected to the legitimate Office 365 login page.

The NJCCIC strongly recommends never using links provided in unsolicited emails to visit websites that require the input of account credentials. Instead, we advise visiting the account’s associated website by typing the legitimate address directly into the URL field of your web browser. Additionally, enable multi-factor authentication on all accounts that offer it to prevent unauthorized access as a result of credential compromise.