Latest Email Phishing Scam Targets Office 365 Users

In recent weeks we have witnessed an increase in phishing attacks targeting businesses and consumers who use Office 365 email services. Unscrupulous syndicates are coordinating efforts to gain access to Office 365 accounts by stealing login credentials obtained using convincing fake login screens.

Fraudster email attacks are becoming increasingly sophisticated – often appearing to be sent from a business, organization, or individual the victim normally emails or does business with. The fictitious emails contain malicious links or attachments that redirect the victim to a fake login page asking for their email username and password. Once the information is entered, fraudsters then use the stolen credentials to log into Office 365 and send fraudulent emails to the victim’s contact list, perpetuating the scam. We have also seen the interception of email communications between legitimate parties and then fraudulent requests for invoice payments.

If you use Office 365 for email, we encourage you to be extra vigilant. Emails containing hyperlinks or attachments that require additional actions by you should be carefully vetted before proceeding. If you are unsure if an email you received is legitimate, do not click on any links, attachments, or provide any information.

If you think you may have fallen victim to this scam, immediately contact your IT Support team or NETCONFIG to:

We also encourage you to contact any of your email contacts via phone or a safe email address to inform them that your email account has been compromised and to let them know they may receive fraudulent emails appearing to be sent by you.

Signs your account may have been compromised include:

NETCONFIG recommends taking the following preventative measures to protect you and your organisation:

While Office 365 is the most recent phishing target, these types of scams regularly impact other email applications and platforms as well. Always be cautious when opening any emails that were not expected, are coming from someone you do not know, and contain links or attachments you were not expecting. Whilst the threat landscape is ever evolving. As these threats evolve NETCONFIG will ensure we take a best practice approach at all times however there is the human element that we cannot control. Therefore Education and Training is paramount to mitigate these risks. Please chat to our Training Department on Security training for you and your staff.

Please Note: Microsoft and/or NETCONFIG will NEVER

Examples of Phishing emails below:

    1. Quota being reached
    2. Account to be verified
    3. Request to cancel Deactivation of your Account
    4. Password Expired 

Quick items to check on your Microsoft Outlook

One of the most common targeted attacks at the moment is that once your account has been compromised, these criminals will setup an Email Forwarding rule on all your incoming and outgoing email.

  1. Please check your Microsoft Outlook for any strange email forwarding rules that may not have created.
  2. Have a look “Sent Items” to see if the emails that are being sent out are the ones you have physically sent.

If you would like to find out how to make your business more secure in the digital world, chat to the sales team at NETCONFIG, we are here to assist.

Submit spam, non-spam, and phishing scam messages to Microsoft for analysis

Use email to submit junk (spam) or phishing scam messages to Microsoft

To submit a junk or phishing scam message to Microsoft:

  1. Create a blank email message.
  2. Address the message to the Microsoft team that reviews messages, as follows:
  1. Copy and paste the junk or phishing scam message into the new message as an attachment.


You can attach multiple messages to the new message. Make sure that all the messages are the same type — either phishing scam messages or junk email messages. > Leave the body of the new message empty.

  1. Click Send.


Sign up to our monthly newsletter for the latest news and information!