Microsoft Office365 Scam Email

Stealing credentials (your logins and passwords) is an ever growing industry.  Those stealing your information are usually selling it off to other criminals who will then work to profit from it.  Imagine what someone could do, connecting your password to your email address and then attempting to access bank accounts and credit cards.  All they need is control of your email to reset passwords and setup email rules so you'll never even see those emails come through.  Even worse is when they initiate bank transfers to offshore accounts.  You never see it happen because they're in your bank account creating the transfer and in your email forwarding any messages that show what's happening while it's being authorized and sent.

That is what makes this new scam particularly dangerous.  How many of your have employees who would click on what appears to be an email order for product and thereby compromise the entire company?


The email arrives looking like an incoming purchase order.

When you click on "Preview Fax Message" you arrive at what appears to be a OneDrive for Business.

This however is just a document uploaded to a public SharePoint site.  "Open" opens the document in a new window. "Print" prints this uploaded document. "Download" downloads this document.  The only place you can click that would take you to the "PO-9874029322071216" is the hyperlink in the document "Access Document".



Once clicking "Access Document" you are taken to a poorly done Office365 login screen.  Put your username and password in and it's gone off to who knows where.


A look at the root of this document, shows exactly how rudimentary this website is.

Sadly, it is easy to see how little effort these criminals put forth to trick you.


If you or your company has fallen for this scam, immediately change your password on Office365 and EVERYWHERE you use that email / password combination.  Then contact your internal IT or your IT company and let them know what has happened so they can take any other steps they deem necessary.  Lastly, it is important that you educate your employees about threats like this and make sure they know to immediately report these kinds of emails and make the right people aware if they have put their credentials in.  They may worry about the consequences of admitting it, but the consequences will be far worse if they don't report what has happened. 

If your business has questions or concerns about scams like this give us a call.

Facebook Twitter Google+ Pinterest

Leave a comment


Log in