The credentials entered into the imitated login page are then checked in real time and, if they are valid, hackers can immediately sync the user’s emails to a remote client. The hyperlinked text within the email contains a malicious URL.
To add authenticity, the cybercriminals use a domain and a valid Microsoft SSL certificate. The emails, which address time-sensitive issues such as expired licenses and unauthorised access alerts, aim to create a sense of urgency so that the administrator acts immediately and enters their Microsoft login credentials into a phishing landing page. Microsoft Office 365 users have been the target of a sophisticated phishing scam that sends fake alerts to domain administrators in a bid to compromise their accounts.