Security News > 2020 > July > Phishing attacks aim to steal sensitive data by prompting people to renew Microsoft subscription
The initial scam emails claim that the recipient must renew their Microsoft Office 365 subscription, says Abnormal Security.
In a Friday blog post, Abnormal Security described two separate phishing campaigns, both of which impersonate actual notices from Microsoft.
The goal is to steal sensitive information from the recipients by convincing them that they need to renew their Microsoft Office 365 subscription.
Hosted on a domain called "Office365family.com," which is registered by website builder Wix, the first campaign sends out an email telling the user that Office 365 is now Microsoft 365 and that they should renew their subscription by a certain due date.
In the second campaign, the email warns the recipient that their Microsoft 365 subscription has already expired and that it must be renewed by a certain date.
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)