Scammers have been employing sneaky tactics to get at your information and finances since the internet first arrived. Email is among the oldest vehicles for bad actors to ply their trade, and they’re still at it decades later.
A scammer can pose as a company or service you know to earn your trust and trick you into handing over whatever they ask for. This is known as phishing and it’s a serious problem. As if that’s not enough, crooks are sending emails that prompt users to dial a phone number and connect with more crooks. Tap or click here to learn more about voice phishing or vishing scams and how to avoid them.
Now, Microsoft is warning Office 365 users about a phishing scam with email links that can redirect victims from a real site to a malicious one.
Here’s the backstory
A recent Microsoft blog post describes a scam that uses redirects to trick potential victims into handing over personal information. These open redirects appear to be legitimate but will actually lead to spoofed sites.
Hovering your mouse over the link will show a real domain name you may know and trust. Click on it, and you’ll be taken to a malicious site or page, however. Once there, you can be prompted to enter your credentials, or malware can be triggered to download to your device.
In this case, the phony email is masquerading as an official one from Microsoft Office 365 and Zoom. Users who click on the embedded links are sent to a Captcha page, making things seem even more legitimate.
Once the victim gets past that, they are taken to a login page with their email address already filled in. More trickery. They enter their password and now the scammer has their credentials.
Microsoft says it’s observed more than 350 unique phishing email domains used in this scam so far.
Shield yourself from attack
Microsoft Defender for Office 365 can detect email threats and using AI and machine learning. You can check out Microsoft’s recommended settings to get its phishing protection.
Here are some more steps you can take to limit your exposure to phishing scams: