Exploits on Office 365 are Growing

Scammers are using compromised Optus accounts and Microsoft Azure blob storage to dupe unsuspecting users into clicking malicious links.

Advisories from email and web filtering software vendor Mailguard this week highlighted two scams being conducted under the name of the telco and software giant, respectively.

One scam, reported yesterday, has been impersonating Microsoft and OneDrive and one drive to convince recipients to click a link in order to access a remittance advice file that had supposedly been shared with them.

The link in the email leads them to a fake website, some of which are hosted on Microsoft’s Azure blob store in order to fool a user with a real “windows.net” URL.

The fake website pretends to be a portal for Microsoft Office 365, complete with a pop-up prompting users to enter their login details.

“[The scam] is a good reminder of how innocent-looking, plain emails can, in fact, be malicious, despite where they purport to be from,” Mailguard said.

“As simple as they may seem, these attacks are happening all too regularly, and with devastating effect.”


View full article here: