Security News > 2020 > July > Phishing attacks aim to steal sensitive data by prompting people to renew Microsoft subscription
The initial scam emails claim that the recipient must renew their Microsoft Office 365 subscription, says Abnormal Security.
In a Friday blog post, Abnormal Security described two separate phishing campaigns, both of which impersonate actual notices from Microsoft.
The goal is to steal sensitive information from the recipients by convincing them that they need to renew their Microsoft Office 365 subscription.
Hosted on a domain called "Office365family.com," which is registered by website builder Wix, the first campaign sends out an email telling the user that Office 365 is now Microsoft 365 and that they should renew their subscription by a certain due date.
In the second campaign, the email warns the recipient that their Microsoft 365 subscription has already expired and that it must be renewed by a certain date.
News URL
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)