
Fake Office 365 Payment Information Update

Published: 2019-04-07
Last Updated: 2019-04-07 19:15:57 UTC
by Guy Bruneau (Version: 1)

If you currently have Office 365, watch out for fake requests with a Subject of "Action required: Update your payment information now" and with sender: "Microsoft Online Services Team". Over the past few weeks I have received several of these emails, which look quite legitimate. Here is an example:

However, a quick review of the embedded URL shows this is spam if your email program didn't already categorize it as such [1]. The URL is no longer active, but the domain ( tracked by Ransomware Tracker is associated with Locky malware.
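
The URL review described above can be scripted. The following is an added example, not code from this diary: it parses a constructed message that carries the subject and sender name quoted above and reports any sender domain or embedded link host outside an assumed allow-list of Microsoft domains (`TRUSTED`, `review()`, and the example.net / example.org hosts are illustrative assumptions).

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains accepted as genuine Microsoft senders and link targets.
TRUSTED = ("microsoft.com", "office.com", "office365.com", "microsoftonline.com")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_trusted(host):
    # Exact or dot-bounded suffix match, so "microsoft.com.example.org" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def review(raw):
    """Return (kind, value) findings for a message claiming to be Microsoft."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2]
    findings = []
    if "microsoft" in display.lower() and not is_trusted(sender_domain):
        findings.append(("sender-domain", sender_domain))
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if host and not is_trusted(host):
            findings.append(("link-host", host))
    return findings

# Constructed sample; example.net / example.org are placeholders, not real IoCs.
SAMPLE = """\
From: "Microsoft Online Services Team" <billing@example.net>
Subject: Action required: Update your payment information now
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://login.microsoft.com.example.org/update">Update payment information</a></body></html>
"""

if __name__ == "__main__":
    print(review(SAMPLE))
```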

Refer to a recent posting from Microsoft [3] that describes how Office 365 mitigates against phishing attacks. A valid message from Microsoft would look like item #2 "Microsoft account security code".


Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
