Research carried out by the SANS ISC team has found a new Phishing attack in the wild that targets Microsoft Office 365 users, through the use of fake Non-Delivery Report (NDR) emails.NDR’s are sent to let you know that there has been an issue with delivering an email you have sent and provides information on why the email delivery was unsuccessful.This phishing email imitates a real Microsoft NDR in an attempt to steal the users Office 365 login username and password.Below is an image of a real NDR email from Microsoft:
The image below shows what the fake NDR email looks like:
At first glance this is a very convincing and has the potential to trick most people who do not look more closely into the email. Clicking on the Send Again link redirects the user to a phishing website that mimics the login page for Microsoft.The image below shows the fake login page:
If the user continues to enter their login details into this site, then the attacker has been successful in stealing the credentials of the users Office 365 account. This account should now be deemed as compromised, and immediate actions are required.
If you receive what you believe to be a fake email, look out for the following:
User education on these types of phishing threats combined with good technology controls can help to prevent these types of attacks from impacting your business.
Ironshare – Security Simplified
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Ironshare is a provider of Information and Cyber Security services.