A new email phishing campaign has been found that claims to be the Microsoft Office 365 team. This new campaign sends a user an email that claims that there is an unusual amount of file deletions in the users Office 365 account and the attackers urge the user to review the alerts. The email claims that is a “medium-severity alert.” If a user clicks on the alert, the victim is redirected to a spoofed Office 365 account login page. If a user enters their login credentials the information is sent to the attackers, then the victim is redirected the official Microsoft website. The contents of the malicious email are; “A medium-severity alert has been triggered, Unusual volume of file deletion, Severity: Medium, Time: 05/26/2019 07:36:39 pm (UTC), Activity: FileDeleted, Details: 15 matched activities in 5 minutes, View alert details,”
Analyst Notes
If a user is directed to a page that asks for their login credentials for Microsoft, the user should look at the URL. If the URL is not either, Microsoft.com, live.com, or outlook.com, then the user should not attempt to enter their credentials.
