Cyber criminals target Australia through fake Microsoft Office 365 site

As part of new phishing campaign hitting Aussie inboxes

A new phishing scam impersonating Microsoft Office 365 has hit Australian inboxes this week, impacting local organisations across the country.

The fake email, which began landing on Monday, 30 November, is a simple HTML message that tells recipients they need to upgrade their accounts as they have gone over their quota.

The link takes users to a fake but legitimate-looking Microsoft Office 365 site, according to email filtering company MailGuard.

"This is not a real Microsoft website," MailGuard wrote in a blog post. "Although the graphic design of the web page looks quite good, this is a fake website used by hackers to collect login data from unsuspecting victims.

"Cyber criminals frequently exploit the branding of global companies like Microsoft in their scams, because their good reputation lulls victims into a false sense of security. Because of the large number of users globally, Office 365 is a regular victim of these scams."

A screenshot of the fake website (Photo - MailGuard)

According to MailGuard, phishing continues to be one of the most prevalent forms of cyber crime in Australia.

Specifically, the vast majority of online scams - more than 90 per cent - are perpetrated using email, with the security specialists advising users to "always be skeptical" of messages from unfamiliar senders.

With regard to the latest phishing campaign, the sender details picked up in the Microsoft messages contained a display address of theresa(at)vistamfg(dot)com and a sending address of t.beasley(at)vistamfg(dot)com.

"If you think you may have received this phishing email, check the sender details carefully," MailGuard advised.

"Checking the sender details of suspicious emails is one way of verifying whether they are legitimate communications or phishing attacks. Obviously, this bogus email does not originate from a Microsoft email domain."
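The sender check MailGuard describes can be automated at triage time. The following is an added example, not code from MailGuard or the original article: it assumes the "display address" is the `From` header and the "sending address" is the envelope sender recorded in `Return-Path`, and the brand domain list, the function names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed, non-exhaustive list of domains the impersonated brand sends from.
BRAND_DOMAINS = {"microsoft.com", "office.com", "office365.com", "microsoftonline.com"}
BRAND_WORDS = ("microsoft", "office 365", "office365")

def domain_of(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower().rstrip(".")

def in_brand_domain(domain):
    """True for a brand domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)

def check_sender(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, env_addr = parseaddr(msg.get("Return-Path", ""))
    findings = []
    # 1. The message claims the brand but is not sent from a brand domain.
    claims = f"{display} {msg.get('Subject', '')}".lower()
    if any(w in claims for w in BRAND_WORDS) and not in_brand_domain(domain_of(from_addr)):
        findings.append("brand-claim-from-foreign-domain")
    # 2. The address shown to the user differs from the envelope sender.
    if env_addr and env_addr.lower() != from_addr.lower():
        findings.append("from-differs-from-envelope-sender")
    return findings

# Constructed sample shaped like the campaign described above.
PHISH = """\
Return-Path: <t.sender@mail.example.net>
From: "Microsoft Office 365" <theresa@mail.example.net>
To: user@example.org
Subject: Your mailbox has exceeded its quota

Upgrade your account now.
"""

# Constructed benign sample for comparison.
LEGIT = """\
Return-Path: <no-reply@microsoft.com>
From: "Microsoft" <no-reply@microsoft.com>
To: user@example.org
Subject: Your Office 365 invoice

See your billing portal.
"""

if __name__ == "__main__":
    print(check_sender(PHISH), check_sender(LEGIT))
```

Legitimate bulk mail often uses a different envelope sender for bounce handling, so the second finding is a signal to weigh alongside the first rather than a verdict on its own.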

An example showing the format of the phishing message intercepted by MailGuard (Photo - MailGuard)

As cyber criminals continue to impersonate well-known and popular brands - in a bid to win users' trust and get them to click malicious links - other companies often targeted in Australia include the Australian Taxation Office, accounting software firm MYOB, Telstra, as well as banks such as ANZ and CBA.

Only last week, MailGuard picked up a large run of fake Telstra notification bills with a link to a SharePoint folder containing a JavaScript file.

This was followed by another large-scale email scam, this time impersonating the MYOB brand with a fake DocuSign supply order.

The most recent phishing campaign also aligns with the launch of Microsoft 365 Business in Australia and New Zealand (A/NZ), as part of the global launch of the new solution, which combines Office 365, Windows 10 and Enterprise Mobility plus Security.

As reported by ARN, Microsoft 365 Business is designed to provide customers with a complete and intelligent solution to empower all employees.
