Since December 2019, there has been a coordinated campaign of phishing attempts targeting Office 365 users. Cyber criminals have sent spoofed email, gathering the login credentials and payment details of Microsoft accounts in over 62 countries.

According to one report, despite a 42% reduction in phishing attempts in 2019, scams like this Microsoft Office 365 campaign remain a significant threat to global enterprises. While the number of attacks has decreased, they’ve also become more complex, with hackers conducting in-depth research on their targets.

As attackers have switched to phishing campaigns that emphasize the “quality” of spoofed email over quantity, defending against isn’t as simple as filtering email or deploying an email gateway. Cyber criminals are finding ways to sidestep traditional perimeter defenses.

This article will look at the Microsoft Office 365 phishing scam to examine what makes it so effective and the measures you can use to protect your data from a phishing email.

The Microsoft Office 365 Phishing Scam: Here’s What Happened

Throughout this phishing campaign, cyber criminals have sent out spoofed email prompting the recipient to renew an Office 365 subscription. The fraudsters created email targeting 15,000-50,000 inboxes that imitated real notices sent out by Microsoft to mislead users into providing personal information.

The attackers sent out two distinct campaigns. The first campaign, hosted on a domain called “,” featured a phishing email requesting the recipient to renew their Office 365 subscription before a particular date.

The email included a link that took the victims through to a fake site that looked just like the real Microsoft landing page and asked them to enter their name, address, and credit card information in a submission form.

The second campaign warned the recipient that their Microsoft 365 subscription has expired and urged them to renew it before the expiry date. If the recipient clicked through to the link, they were taken to a real PayPal page and prompted to enter their payment details.

Any individuals who entered their information or payment details had their data and/or money stolen by the attackers. Fortunately, Microsoft has successfully obtained a court order that’s given them the power to seize each domain involved in the campaign.

Why This Phishing Attack is So Effective

The Microsoft Office 365 scam is a key example of how powerful a convincing phish attempt can be if the victim isn’t prepared. There are many reasons why this attack has been so effective:

1. It appears to come from an “official” source

Like all successful con artists, the attackers exploit the victim’s trust. In this case, the cyber criminals use the Microsoft brand and a fake domain to gain the recipients’ confidence so that they take the email at face value.

2. It tricks users with subtle URL changes

Hosting the scam on a domain called “” makes the link included in the email appear legitimate so users don’t suspect anything malicious. Clicking on the link then takes the target to a landing page that looks almost identical to Microsoft’s actual site.

3. It convincingly spoofs well-known brands

At first glance, the email appears to be from Microsoft. The fraudsters successfully imitate the branding of Microsoft and PayPal on separate pages, giving the victim no reason to doubt their credibility.

4. It mimics the real-life renewal procedure

Email renewal messages are something that consumers, employees, and decision-makers receive regularly. Many people rely on reminder email to keep track of subscription renewals, which the criminals exploit to devastating effect.

5. It triggers immediate action through a sense of urgency

By including a due date with the renewal request, the cyber criminals create a sense of urgency in the target. The email subtly puts pressure on the recipient to act immediately so they can’t investigate whether the messages are legitimate.

How to Protect Your Data from Phishing Attacks: Tips for Cyber Security Leaders

Being proactive is key to limiting a companies’ exposure to malicious entities trying to phish for confidential information.

To protect your organization’s data from phishing attacks, cyber security leaders can take several measures to keep confidential information safe:

1. Educate your employees about phishing threats

Educate your employees and especially system administrators about what phishing attempts are, and use phishing simulation tools to increase their awareness and help them detect phony email when they receive them.

2. Use security awareness training and phishing awareness training

Provide ongoing security awareness training and phishing awareness training to keep phishing and social engineering threats top-of-mind for employees. Making regular training a part of your enterprise will ensure employees stay up to date with the latest threats.

3. Train internal cyber security ambassadors to encourage phishing awareness

Designate a couple of your team members as cyber security ambassadors and implement a training and mentorship program that supports their security awareness training efforts. Once the ambassador program is established and your initial wave of participants are certified, monitor their progress, and formalize the necessary tweaks.

4. Establish ongoing cybersecurity and phishing campaigns

Send out ongoing communications to employees about cybersecurity best practices and updates on phishing risks, so they stay equipped to manage the latest threats. For example, you could send out regular email on how to set strong passwords or reminders of the risks that come with malicious attachments, email, and URLs.

5. Keep all IT systems maintained and secure

Protect your IT systems by ensuring that all software, applications, and operating systems are kept up to date. Regularly patching software and deploying malware protection or anti-spam software will help to limit entry points for potential hackers.

How to Protect Your Data from Phishing Attacks: Tips for Employees

Here are some phishing email detection and protection best practices that every member of your organization’s team must keep in mind:

1. Don’t open email from unfamiliar senders or organizations

Never open messages that originate from individuals or organizations that you don’t recognize. Be on the lookout for email sender red flags, such as a lack of contact information or a generic message greeting such as “Dear Sir” or “Dear Madam.” Don’t just look at the name of the sender, inspect the actual email address contain the @ sign.

2. Never click on links you don’t trust

Be wary of any links included in email you receive from unfamiliar sources. The webpages you may be redirected to as a result can be unsecured and potentially infected. Verify the validity of any in-text links before clicking on them by hovering your cursor over the hyperlinked text and checking the URL. If you’re uncertain, visit the official website by entering the address manually or via a bookmark.

3. Inspect the email text for suspicious elements

When you receive an email from an unrecognized source, always read the message carefully before acting. Look for spelling and grammatical errors, as well as formal or urgent language. If there are lots of typos or other suspicious elements, report the email to your IT department right away.


The Microsoft Office 365 phishing scam will not be the last cyberattack of its kind. Cyber criminals are coming up with new ways to trick employees into giving up sensitive information every day, and the most effective way to combat these threats is with ongoing education.

The knowledge of your employees is your number one cybersecurity asset. Taking the time to educate them about threats like spoofed email will lower the risk of falling victim to fraudsters.


Gone Phishing Tournament

Find Out Which Employees are Prone to Phishing Attacks

For actionable insight into how your organization’s phishing click rate stacks up against your peers, sign up for free for the 2020 edition of the Gone Phishing Tournament™!