Office 365 Phishing Campaign Threatens Account Deletion

The NJCCIC frequently detects phishing campaigns attempting to compromise Microsoft Office 365 accounts. These accounts are often targeted due to their access to sensitive data and additional applications.

Researchers recently reported on a new phishing campaign that claims to come from the “Office 365 Team,” warning the user that their account is going to be deleted unless the request is cancelled within the hour. This new campaign employs the old tactic of creating a sense of urgency to convince users to take risky actions, such as clicking on a link in an unexpected email. Once clicked, the link directs the user to a fraudulent Microsoft Office Support Account Update page that prompts the user to sign into their account in order to cancel the request. Once the user’s credentials are entered and submitted, they are sent to the threat actors and the user is redirected to a landing page with a “thanks!” message. The login and other landing pages were created using Excel Online.

The NJCCIC highly recommends that users avoid clicking on any links contained in unexpected or unsolicited emails. Users who are uncertain of an email’s legitimacy should contact the sender via an alternate method. We advise users to refrain from responding to the email, as this confirms delivery of the phishing email to the threat actor. More information can be found in the Bleeping Computer article.