Ongoing Phishing Campaign Targets Microsoft Office 365 Admins

A new phishing campaign is actively targeting Microsoft Office 365 administrators with the end goal of compromising their entire domain and using newly created accounts on the domain to deliver future phishing emails. The attackers use phishing emails designed to look like they are coming from Microsoft, with the Office 365 logo shown at the top, and delivered using “validated domains” “from a legitimate organization’s Office 365 infrastructure” as PhishLabs found. They also use “Services admin center” as the sender name for the phishing messages delivered through this ongoing campaign as an attempt to spoof the legitimate Microsoft 365 admin center support team, and “Action Required” or “We placed a hold on your account” subjects to persuade their targets to act first and think later.

Source: Bleeping Computer

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips