Be on the look out for “Password Set to Expire” phishing emails.
Are password reset emails trustworthy? Microsoft365 / Office365 customers, beware of this recent email phishing attack.
The email states your Microsoft365 email password is set to expire. At first glance, it appears to be a typical Microsoft simple text email. Examining the “from” address, however, we can see it is from a non-Microsoft web “spoofed” email address. Further examination into the header reveals a fake address.
Email “spoofing” is a term where one identifies as another by falsifying the email address posing as a legitimate company, but not the actual company.
Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.
The purpose of such phishing attacks can be twofold.
- Firstly, is to retrieve your password. A bot on the other end will then immediately attempt to access the targeted Microsoft365 account where the attacker freely downloads all your M365 information. In some cases, the password is changed so you no longer have access.
- Secondly, it would be to execute a virus or ransomware on your computer.
Always review the “from” the address before opening any email, selecting any link or opening attachments. Also, if you have a third-party antivirus program like eset, right-click on the attachment and “SCAN” with your antivirus to be sure it is free of malicious content.
A good rule of thumb is, even if you think it might be a legitimate request, do NOT click the link, instead go directly to the account in question through a web browser. If there is truly such a request, typically there will be a notification upon login to the account.
Also, if the account password requires a reset, the website will require a reset upon access.