Microsoft has just tweeted a warning for its Office 365 users about an ongoing phishing campaign.
This campaign is using a combination of commonly used spoofing tricks including legitimate-looking original senders’ email addresses, spoofed display sender addresses containing target domains and usernames.
The original sender addresses contain variations of the word "referral" and use various top-level domains, including the domain com[.]com, popularly used by phishing campaigns for spoofing and typo-squatting.
— Microsoft Threat Intelligence (@MsftSecIntel) July 30, 2021
It’s important to know that the original sender addresses contain several variations of the word “referral” and some various top-level domains including the domain com [.]com which is commonly used in phishing domains.
The company advises its users to be extra cautious when opening e-mails with file share requests for bonuses, staff reports, or similar items. Fake URLs that are being used in these emails can lead users to Office 365 phishing page asking for user credentials.
According to Microsoft, this specific phishing campaign is also using some additional fraud techniques that can be hard to handle.
Microsoft is offering assistance in taking down these phishing sites and for that purpose has posted its advanced hunting query on the Github web page.