Security News > 2020 > July > Phishing attacks aim to steal sensitive data by prompting people to renew Microsoft subscription

The initial scam emails claim that the recipient must renew their Microsoft Office 365 subscription, says Abnormal Security.
In a Friday blog post, Abnormal Security described two separate phishing campaigns, both of which impersonate actual notices from Microsoft.
The goal is to steal sensitive information from the recipients by convincing them that they need to renew their Microsoft Office 365 subscription.
Hosted on a domain called "Office365family.com," which is registered by website builder Wix, the first campaign sends out an email telling the user that Office 365 is now Microsoft 365 and that they should renew their subscription by a certain due date.
In the second campaign, the email warns the recipient that their Microsoft 365 subscription has already expired and that it must be renewed by a certain date.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)