This morning I woke up to a very interesting phishing email. I never blog about phishing attacks, but I found this one particularly interesting as it was spoofing Microsoft account services.
Identify the Phish
Phishing emails are always getting more creative. Sometimes it is hard to tell a fake from a legitimate email. But there are always a couple of tells in a fake email. The one I received this morning had a few.
The first was the email address. Despite it displaying outlook.com, the part to the left of the at symbol read “outlooo.teeam”. This was the first red flag.
The second red flag is the sketchy use of the English language throughout the body of the message itself. It just doesn’t read well.
Then comes the Verify Your Account button. This was the ultimate red flag. Without clicking, I hovered my mouse pointer over the button, which revealed where it was going to take me. Even if the email address had been formatted better and the body of the message had been grammatically correct, the link was the surefire tell. In the screenshot above I superimposed the link so you can see where it was taking me: clearly not a Microsoft site, but some site in India.
The final red flag was the trademark symbol at the end of the message. I have no idea why the word “team” (or perhaps the entire phrase) is a trademark.
Now that we have identified a phishing email, what’s next? I recommend reporting it to your anti-spam provider. Below are the steps for reporting it to Microsoft. If you have a third-party vendor for spam, check with your system admin on how to submit messages to them for analysis.
Note: When in doubt check with your system administrator. Your system administrator can check the message headers to see where the email really came from.
Report Phishing with Office 365
To report the email as phishing in Office 365, select Phishing from the Junk menu.
Report Phishing with Outlook
To report the email as phishing with Outlook, you will need the Junk Email Reporting Add-in.
Note: This plugin is designed for Outlook users who are connected to Office 365 or who are using Exchange Online Protection (EOP) with their on-premises Exchange server. If you are an Outlook user with another spam service, you will need to contact that provider for their Outlook plugin.
Once you have the plugin installed, it is time to submit a message for spam analysis. Select the message and from the toolbar pick Junk >> Report Junk.
This will present a new dialog. Clicking Yes on this dialog submits the message to Microsoft for review. You can also select the Do not show this message again option if you wish to squelch the confirmation prompt. Pick No to cancel the operation.
For more information on using the plugin check this link.
Report Phishing with Outlook.com
To report the email as phishing in Outlook.com, select Phishing scam from the Junk menu.
Phishing attacks are always getting more advanced. When in doubt, check with your system administrator or a Microsoft certified partner.
How about you? Have you run into some creative phishing attacks? Drop a comment below.