A recent phishing campaign looks incredibly believable. It impersonates Microsoft and Office 365 by spoofing their emails and login page. Victims unwittingly hand over their Office 365 credentials, and everything grows worse from there.

How This Office 365 Phishing Campaign Works

This phishing campaign starts with an email related to a problem with your Office 365 account. This problem requires an admin’s attention. The link in the email leads to a very convincing Office 365 login page.

Office 365 Phishing Site

Once the admin logs in, the attacker doesn’t just have valid Office 365 credentials. They have administrative credentials that grant them control over all email accounts for that domain. As a result, the attacker can begin accessing user emails or taking advantage of single-sign-on systems.

To make matters worse, attackers can use the domain to send out a new wave of attacks. Using validated domains allows them to bypass Office 365 spam filters. That’s played a major factor in the success of this campaign.

Campaign Warning Signs

Knowing what to look for can keep you from becoming the next victim. Here’s everything we know so far.

Email Content

As we just mentioned, this message likely won’t be flagged as spam. It looks similar to the one below.

Office 365 Phishing Targeting Admins


The sender varies, but they follow the format below. The domain variables change with each account.

  • “Services admin center”<MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@redacted.com>

Email Subject Line

So far, researchers have only seen two subject lines.

  • Re: Action Required!
  • Re: We placed a hold on your account

Phishing URLs

The links in the email typically lead to these two URLs:

  • http://www.clinicaccct[dot]com/srvt/index.php?m=redacted@email.com
  • http://www.aranibarcollections[dot]com/srvt/index.php?m=redacted@email.com

Prepare & Prevent Phishing

Take some time to train your employees on phishing campaign indicators. Read our posts: 2019’s Latest Phishing Tricks & 5 Tips to Recognize Phishing Emails. Both help readers learn to recognize a phishing email. Simple preparation can prevent your organization from becoming the next victim of a phishing attack.

Looking for More Tips?

Blog posts with various IT tips and news are released every Friday. We publish new episodes of Tech Tip Tuesday as often as we can. You can view previous episodes in our Tech Tip Tuesday library.  Click the Sign Up or Subscribe button on this page to subscribe and receive every tip directly in your inbox each week.  Pit Crew IT Services can also help your organization with any IT needs you might have.  Get started with a free consultation using the button below.

Get a FREE IT Consultation!

Start Now