New Office 365 Phishing email

I received a new O365 Phishing email. Take a quick look and see if you can spot all the problems in this mail:

Can you spot the clues?

Here’s some highlighting.

OK:

  1. not from Microsoft..
  2. Bad grammar – “we’ve prevent”,¬† “from been deleted”
  3. Misspellings¬† – “interuption”,”valiate”, “Acitivity”

The clickable link also uses a url shortener to hide that it’s not from MS.

The actual link goes to a page that has been identified as malware, but it could just as easily have been a site that looked like a valid Office 365 login – check the top url (helpwarrior.com is NOT Microsoft).

 

I received a phishing email that was relatively convincing. I thought that I would post it to show people what to look for when they are looking at an email. This email contains a few interesting elements. The statement that you are missing mail (meant to alarm you) and the use of the blue colour for the button, which is consistent with the colours that Microsoft actually uses to brand their business, and then the link to portal.office.com, which at first glance looks like a valid MS link.

If you look at the sender address – it clearly isn’t from Microsoft.

Then when you hover your mouse over the button or, more importantly, over that “portal.office.com” link that’s supposed to make you think this email is legitimate, you notice that the link doesn’t go to ‘portal.office.com’ but goes somewhere else entirely.

If you follow the link – you end up at a page that is a clone of the MS Office 365 sign in page – but is *NOT MICROSOFT*.

Look at the link in the URL bar – this is not a MS site. This is the social engineering process these individuals are using to steal your email login. Once they have your email login, they can reset the passwords to your bank accounts and other important items and go on to steal your identity.

Stay safe out there and protect your account information!

Hacked!

Hi All,

Elemental Computing’s website was recently hacked and replaced with spam. This website was on a long list of things that needed attention anyways, so I have deleted the old site and instead of just reloading from backup, I have replaced it with a wordpress installation and will be moving forward from here on the wordpress platform.