Office 365 Billing Scam

A pretty creative new scam to be aware of…

So I had one of my clients call in to advise that the Office 365 subscription was expiring and that they received a notification email to click a link for renewal. Here’s what it looks like –

spam shot

Pretty well crafted. You’ll notice that the link has Microsoft spelled wrong and its quite easy to miss. Since the brain is already familiar with the term it fills the missing letter ‘f’.

If you notice the email address it comes from, it’ll say something like billing@office-online.com.

This is not a Microsoft domain although it appears plausible to innocent onlookers and non IT people. I managed to trace the domain. The person who sent it used a gmail server to authenticate, then spoofed the domain to send this email. In my case, I traced the sender down to Germany, found the public IP of the sender, then provided that to the hosting Internet service provider in Germany.

Now hopefully they do something about it! DO NOT action this email or click the link. I do not know the result of this as I haven’t really bothered trying it out. Chances are that it can perform some form of malware infection. Just delete the email if you see it.

Find the post useful? Like and spread the word 🙂 

 

 

 

 

 

Thanks for reading! Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s