Office 365 users: Beware of new phishing attack to steal your identity

Photo credit: / trambler58

Hundreds of millions of people around the globe use Microsoft Office 365, which includes Word, Powerpoint, Excel, Outlook, OneNote,  OneDrive, Publisher and more. Unfortunately, criminals are always in cyberspace trying to steal your information and their latest schemes are very sophisticated.

Microsoft has warned that one common method of avoiding clicking on a phish — hovering your cursor over the link to see the full URL — is in this case totally ineffective, as the malicious actors behind the campaign have set up open redirects using a legitimate service.

According to, the campaign uses among other things, social engineering lures impersonating Office 365, to tempt users to click on a link. This leads to a series of open redirects — which have common legitimate uses, for example to direct customers to a landing page, or track email click rates — to take the victim to a malicious Google ReCaptcha verification page, and from there to a fake Office 365 sign-in page, where the unlucky are relieved of their credentials, and then redirected to another fake page, purporting to be Sophos, to add extra legitimacy to the enterprise.

Whether its Office 365, your bank, email or other accounts, you should always go directly to that site yourself and then log in. Never use links that were sent to you or show on other pages when going to important accounts. Also, be sure that you have security and virus protection on all of your devices, they may give you advance warning of these types of phishing scams. The cyber thieves aren’t going to ever stop getting more and more sophisticated with their hacks and you must stay vigilant to protect what’s yours!

Read more about:

Also read

Michael Jordan and son Jeffrey starting tech company to link fans to athletes
Instagram set to bring back the chronological feed in 2022
Android users are in luck after this iOS 15 update
New iphone image_1239866722
Powerful cyber espionage tool hacks your iPhone without you even clicking anything
Instagram swipe-up
Instagram set to retire swipe-up links as of Aug. 30
woman concerned
Popular app's recent data breach and steps to keep your information safe

Watch this video

What's new

Weekend Watch: Hellraiser
Weekend Watch: 'Hellraiser' resurrects fan-favorites in reimagined film
Amanda Seales
Comedian Amanda Seales dispenses laughs from coast to coast
Kasha Johnson details the journey that led her to become head of training at Bedroom Kandi by Kandi Burruss (Photo by Derrel Jazz Johnson for rolling out)
How Kasha Johnson became head of training for Bedroom Kandi