First Email Scam Directed at Office 365

by Tony Redmond on 9/1/2016

Applies to:
Exchange Online Protection, mail hygiene, Office 365, Scam, SmartScreen

News about the first email social engineering attack against Office 365 came alongside Microsoft’s announcement that the anti-spam SmartScreen technology is being deprecated. Stay safe, people!

Everyone’s coming back from vacation and probably needs a little time to get back fully into the swing of things. While you’re easing into the depths of your Inbox, be aware that a new scam is circulating that attempts to lure Office 365 users into revealing their account credentials.

First revealed by MVP Brian Reid of C7 Solutions in the UK, who knows his way around Exchange transport and security, the scam exploits social engineering techniques by sending a message that appears to come from the Office 365 administrators to ask the recipient to sign in to the “Office Portal” (Figure 1). The link in the message brings them to a non-Microsoft site where their credentials are gathered using a log-in screen resembling Outlook Web App (OWA).

Figure 1: Click here for happiness

This development comes hot on the heels of Microsoft’s announcement that they are deprecating the SmartScreen anti-spam technology. Anti-spam filter updates will cease from November 1, 2016 and leave Outlook clients and Exchange servers looking for a replacement if they are not already protected by other means.

The logic advanced is reasonable in that Office 365 users are protected against spam by Exchange Online Protection (which curiously did not pick up the scam email reported above) and that users of other email systems, including on-premises Exchange, are probably protected by Exchange Online Protection or another email hygiene service.

Microsoft reckons that SmartScreen is obsolete technology and they are probably right. The notion of being able to repel threats through the distribution of updated filters belongs in a gentler age when new threats and attack vectors did not appear as quickly as they do now. SmartScreen, which originally came from the Hotmail service, served a purpose when it was released in 2003. Thirteen years later, attack techniques can morph in minutes and spam filters are rendered obsolete before they ever reach a customer.

All technology reaches the end of its usefulness. I don’t think that many will mourn the passing of SmartScreen, not least because users probably don’t realize what it does. In any case, cloud-based scanning is the way that inbound email streams should be examined and cleansed. It just makes sense.

Follow Tony on Twitter @12Knocksinna.


  • I not only pay for Office 365's Advanced Threat Protection (ATP) as the Exchange Online Protection is somewhat lacking, I also pay for a 3rd party cloud mail filter as ATP is also very hit and miss. Safe links also has issues, see: ( Phishing emails need to be taken more seriously by Microsoft, until then I have to recommend 3rd party cloud mail filters and archiving solutions when talking about Office 365.
  • Unfortunately, not only EOP even ATP safe links did not catch the email scam. Is there a fix from Microsoft? Why is Microsoft not proactively warning people - nothing on the office blog?