Microsoft Office 365 users with admin accounts are receiving phishing emails made to look like they’re coming from Microsoft, according to PhishLabs. The emails are being delivered with the Microsoft Office 365 logo at the top and are coming from validated domains from a real organization’s 365 infrastructure. The sender’s name is “Services admin center” with the subject line reading “Action Required” or “We placed a hold on your account,” which is done to instill a sense of urgency in the receiver. “Well established domains with a track record of sending benign messages are less likely to be quickly blocked by these systems,” stated PhishLabs. “This increases the deliverability and efficiency of phishing lures.” Links are included in the emails and if clicked, they take the potential victim to a fake Microsoft login page. Since the campaign involves using previously compromised Office 365 domains, it is likely that any domains that are compromised in the future will be used to continue launching attacks. No specific industry is being targeted in these attacks.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in