top of page
  • Admin

Microsoft 365 User PII Theft Possible With New Malicious-Link Phishing Attack

Published: July 04, 2023 on our newsletter Security Fraud News & Alerts Newsletter.

Friend to cybercriminals and delivery vehicle for 90% of all cyberattacks, a new email phishing campaign is making waves. The campaign targets Microsoft 365 users to steal their credentials and identity, among other things. Spotting the red flags of this phishing campaign can help MS 365 users stay clear of this latest exploit.

How this MS 365 Phishing Attack Unfolds

Researchers at Trustwave first discovered this phishing campaign and share what they’ve learned. Using a previously stolen MS 365 email address, the email has an encrypted attachment created with Microsoft’s own Rights Management Services (RMS) service. The email message tells the user their login credentials are needed to read the attachment so the hacker can promptly steal them.

The user is then redirected to Adobe’s InDesign messaging where a bogus SharePoint document is waiting with text reading “Click Here to View Document.” Once clicked, the user is redirected to a blank web page having only a “loading” message. The message is there to distract the victim while in the background, malicious script is busy stealing sensitive data.

Fake Website Red Flags

Like many email phishing campaigns, this one uses fake websites to trick users into giving up their PII. Here’s what to look for:

  • Web page redirecting. Redirecting happens when you’re sent to bogus web page by hacker design. It may look like what you expect, but it’s there to steal your PII.

  • Web page “spoofing” is the act of cloning a webpage. Check for fuzzy logos and other poor graphics, awkward grammar, and typos.

  • Different URL spelling. A subtle URL spelling difference might be unnoticeable at first glance, but that slight change in the URL redirects you to a spoofed page. Always take a few seconds to carefully check the spelling before going forward.

MFA is the Way

MFA (multi-factor authentication) helps prevent your account and identity from being stolen by adding an extra verification layer to logins. The added step sends a numerical code to the account holder via text or email. Only the user has the code which is required to log in. Even if a hacker steals your login credentials, MFA stops them from getting into your account. Always enable MFA when available.

This latest phishing exploit has layers that happen laser-fast. The key to safety is knowing ahead of time what the red flags look like and adding MFA to logins. It’s the best way for MS 365 users to spot this phishing campaign and bail before they get hooked.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at


bottom of page