Scammers operating a phishing website for Office 365 credentials added live chat support to strengthen the illusion of legitimacy needed to trick victims. This particular Office 365 phishing fraud starts with an email impersonating a Microsoft alert about renewing the subscription for the Office suite of services. When a potential victim fails to log into their Office 365 account on the fraudulent website, they can turn to the customer support service, which is conveniently visible on the page.
Scammers are getting very crafty now! Keep an eye out for this.
— TruOFFICE (@TruOFFICE) February 26, 2019
Expert comments below:
Tim Sadler, CEO and Co-founder at Tessian:
“This is an example of advanced spear phishing—attackers masquerade as a legitimate and well-trusted company in an attempt to defraud unknowing targets. Using Microsoft’s live chat support to extract information is particularly cunning. Most targets won’t suspect that the Microsoft page is not legitimate, and will therefore not be suspicious when asked to disclose personal information with the “support agent.” This is not the first time we’ve seen productivity tools being exploited to defraud unwitting targets. Recently, we reported in our blog that attackers have started to use Microsoft Forms to bypass security systems and extract data from users.
The overall lesson is that users have to be educated on the different and ever-evolving forms of phishing scams, and security solutions need to be able to adapt and evolve to sophisticated threats.”
Corin Imai, Sr. Security Advisor at DomainTools:
“Cybercriminals seem to have refined their social engineering skills, and this phishing campaign is the latest demonstration of just how resourceful and creative fraudulent operations can be. Although it might be easy to trust a website that features a live chat support function, users should still follow the best practices of looking at the sender’s email address, checking websites’ URLs before clicking on links, and avoiding disclosing personal information such as telephone numbers and email addresses to anyone. Ultimately, educating the general public about the risks that can come through their email inbox is still the best tool to ensure the reduction of this kind of attempt: every successful harvest of data, financial information and capital serves as an incentive to cybercriminals.”