Phishing Attack pretends to be a non-delivery notifications email from Office 365

The new phishing attack, which has been found, is using forged non-delivery notifications email in order to steal users' credentials of Microsoft Office 365. This latest phishing attack has been discovered by Xavier Mertens, ISC Handler, while reviewing the data that was captured by his honeypots. The attack started when the user receives forged non-delivery notification email from Microsoft Office 365. The email states that "Your messages couldn't be delivered. Microsoft found Several Undelivered Messages". It then prompts the user to click on "Send Again" button included in the fake Microsoft Office email under "How to Fix It", in order to attempt sending those emails again. Just for compa

(617) 884-1086

PO Box 3279, 360 N. Main St.,  Andover, MA 01810 

  • facebook