ATTENTION: Office 365 Phishing Scam

Protect yourself from the latest Office 365 email phishing scam.

According to Microsoft, a clever phishing campaign is plaguing Office 365 users. What exactly is phishing? Phishing (pronounced like fishing) is an attack that uses specific tactics of deception to try to steal critical information such as your identity, your bank information, and even your passwords. Phishers can masquerade their scam by posing as legitimate websites, luring you into trusting them with vital information stored on your computer. Phishers are not limited to fake websites though, which Office 365 users learned all too well through various phishing emails. 

How to Spot This Phishing Campaign 

These emails typically look safe by appearing to look like they include a shared document. However, if you look at the address, a phishing email from this specific campaign will contain some variation of the word “referral”, such as or The document they’ve “shared” with you might be stored on Microsoft Sharepoint.

The documents attached in these phishing emails are typically fraudulent staff reports, or documents containing information about bonuses. These documents will even send you to an Office-365 themed page which will steal your information. According to Microsoft, “the emails contain two URLs that have malformed HTTP headers. The primary phishing URL is a Google storage resource that points to an AppSpot domain that requires the user to sign in before finally serving another Google User Content domain with an Office 365 phishing page.” 

If You Receive an Email Like This… 

Do not open the email. Instead, open a new window and search the name of the sender/ domain the email came from (make sure to not include the extension). Oftentimes people will report or post sketchy emails online. If the email comes from an organization and seems suspicious, go to the organization’s official website. You can call that number and verify the email. Report the email to Microsoft, and then delete the email. 

If the email comes from someone you know, contact them via social media or phone call and inform them of the suspicious activity. Then report the email to Microsoft and delete the email. 

What to Do If You Suspect You’ve Been Phished…

You may have opened one of the emails or fallen for another form of a phishing attack. Your information is vulnerable… so what now? Here are some steps you can take to make sure to protect yourself from as minimal damage as possible. 

  1. As soon as you think you’ve accidentally fallen for one of these scams, make sure you write down as many details as you can remember about your information. Particularly, try to write down any usernames, passwords, account numbers, or identifying information you may have shared. 
  1. Act quickly! Change all your passwords, including the password for those affected accounts. Make sure you use a unique password with uppercase letters, lowercase letters, special characters, and numbers. 
  1. Verify that your two-step authentication is turned on for all accounts. Heavily consider adding two step authentication to your defense if you don’t use it.
  1. Make sure to notify the IT support team if the attack occurs on an organizational computer. Also contact all financial institutions you have accounts with to inform them of your vulnerability. 
  1. If you lose ANY money or have your identity stolen, report it to local law enforcement. Since you’ve been documenting the details and process of this attack, the information you’ve recorded will be invaluable to them. 
Scroll to Top