Microsoft warns Office 365 users for ongoing phishing campaign

<p>Microsoft has just tweeted a warning for its Office 365 users about an ongoing phishing campaign&period;<&sol;p>&NewLine;<p><img class&equals;"alignnone size-full wp-image-2783" src&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2018&sol;10&sol;hacker&lowbar;code&period;jpg" alt&equals;"zero-day" width&equals;"640" height&equals;"373" &sol;><&sol;p>&NewLine;<p>This campaign is using a combination of commonly used spoofing tricks including legitimate-looking original senders&&num;8217&semi; email addresses&comma; spoofed display sender addresses containing target domains and usernames&period;<&sol;p>&NewLine;<blockquote class&equals;"twitter-tweet" data-width&equals;"500" data-dnt&equals;"true">&NewLine;<p lang&equals;"en" dir&equals;"ltr">The original sender addresses contain variations of the word &quot&semi;referral&quot&semi; and use various top-level domains&comma; including the domain com&lbrack;&period;&rsqb;com&comma; popularly used by phishing campaigns for spoofing and typo-squatting&period;<&sol;p>&NewLine;<p>&mdash&semi; Microsoft Threat Intelligence &lpar;&commat;MsftSecIntel&rpar; <a href&equals;"https&colon;&sol;&sol;twitter&period;com&sol;MsftSecIntel&sol;status&sol;1421232635502682118&quest;ref&lowbar;src&equals;twsrc&percnt;5Etfw">July 30&comma; 2021<&sol;a><&sol;p><&sol;blockquote>&NewLine;<p><script async src&equals;"https&colon;&sol;&sol;platform&period;twitter&period;com&sol;widgets&period;js" charset&equals;"utf-8"><&sol;script><&sol;p>&NewLine;<p>It&&num;8217&semi;s important to know that the original sender addresses contain <strong>several variations of the word &&num;8220&semi;referral&&num;8221&semi;<&sol;strong> and some <strong>various top-level domains including the domain com &lbrack;&period;&rsqb;com<&sol;strong> which is commonly used in phishing domains&period;<&sol;p>&NewLine;<p>The company advises its users to be extra cautious when opening e-mails with file share requests for bonuses&comma; staff reports&comma; or similar items&period; Fake URLs that are being used in these emails can lead users to Office 365 phishing page asking for user credentials&period;<&sol;p>&NewLine;<p>According to Microsoft&comma; this specific phishing campaign is also using some additional fraud techniques that can be hard to handle&period;<&sol;p>&NewLine;<p>Microsoft is offering assistance in taking down these phishing sites and for that purpose has posted its advanced hunting query on the <a href&equals;"https&colon;&sol;&sol;github&period;com&sol;microsoft&sol;Microsoft-365-Defender-Hunting-Queries&sol;blob&sol;master&sol;Email&percnt;20Queries&sol;referral-phish-emails&period;md" target&equals;"&lowbar;blank" rel&equals;"noopener">Github web page<&sol;a>&period;<&sol;p>&NewLine;