Spoofing Emails Targeting Office365 Users
Spoofing emails are a big problem these days leading to compromised personal information and sometimes devastating financial loss. If you want to protect yourself from spoof emails, it helps to know what a phishing, or email spoofing attack looks like. So we have a great example for you here! One of our clients got an email recently that looked like it was from Microsoft about their Office 365 account. Looking at this email from the view point of someone who is not familiar with phishing or spoofing attacks, it is easy to see how people often fall for these spoof emails. So, we are going to break this email down in a way that that will hopefully help you, your friends or employees detect email spoofing.
Misspelled or Incomplete Email Address
The first give away on this email was the incomplete email address. The email appears to be from Microsoft, but its missing the .COM at the end of the email address. This can be very easy to miss especially if you just take a quick glance at the email.
Spoofing Logos / Fake or Abused Logos
Secondly, the logo was a bit off. If you look up the real Office365 logo you will know what I mean. The font is not right and the real Office365 logo does not even have the word Microsoft in front of it. But the color of the “logo” and the careful placement of the word “Microsoft” could make this “logo” evade a quick “sniff test.” This logo is placed there to give the spoof email an official look. By mimicking a trusted source, the spoof engineer hopes that their fake email will evade detection.
Masking Rogue Website Links
Last but definitely not least is the link. If you get any email with a link, you can check where the link goes just by hovering your cursor over the link. But please do not click on the link, unless the web address is consistent with the source of the email, or unless you recognize the site. In this case, when we hovered over the link we noticed that the “Cancel Disable Process” link did not go to Office 365. Therefore, my educated guess is that this link will either lead to a fake page that looks like your Office 365 login, or it will lead to a page that will deliver a nasty virus payload to the PC.
This is just one example of an email spoof, but as you can imagine, email spoofing comes in many forms. The biggest take away here is to look for consistency. Just because an email has a Microsoft, IRS, Chase, Fox News, or Bank of America logo does not mean it’s coming from that source. Always check for consistency before you click on any email links. If you just get in the habit of checking the 3 things highlighted by the red arrows in our example, you will be able to enjoy your emails without becoming a victim of phishing or email spoofing.