Attackers use a simple cause for concern as the basis of a scam intent on tricking victims into offering up their Office 365 credentials.
A very official-looking email is making the rounds, taking advantage of the approximately 50% of companies today using Office 365. And it’s not surprising, as Microsoft is the most impersonated brand in phishing attacks today. According to a recent article at Bleeping Computer, this attack takes advantage of the victim’s worry about files being deleted. Creating a sense of urgency is a common tactic in phishing emails, as it is sufficient to get recipients to move into action.
Upon clicking the email, users are presented with a similarly realistic-looking Office 365 logon page:

Note the URL in the image above – while looking like the real thing, it’s most definitely not from Microsoft, but does use a context-signaling domain of windows.net. Scams like this seek to capture user credentials, either to be sold on the Dark Web or to further a more complex fraud or data theft attack on an organization.
h/t KnowBe4
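
The URL check described above, as an added example that is not part of the original article: a defender-side triage of sign-in URLs taken from mail or proxy logs, which accepts only an exact allowlist of Microsoft sign-in hosts and flags pages that merely sit under windows.net. The allowlist, the Azure Storage suffixes, the keyword list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in hosts this organisation expects for Office 365.
OFFICIAL_SIGNIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}
# Azure Storage endpoints under windows.net serve content uploaded by any customer.
CUSTOMER_CONTENT_SUFFIXES = (".blob.core.windows.net", ".web.core.windows.net")
# Assumption: words that suggest a page is posing as a Microsoft sign-in.
LURE_WORDS = ("office365", "o365", "outlook", "login", "signin", "microsoft")

def classify_signin_url(url):
    """Return a verdict string for one URL seen in a mail or proxy log."""
    try:
        parts = urlsplit(url)
        # hostname drops any userinfo ("user@") and port, and is lowercased.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious: unparseable URL"
    if parts.scheme != "https" or not host:
        return "suspicious: not an https URL"
    if host in OFFICIAL_SIGNIN_HOSTS:  # exact match, never substring or suffix
        return "official sign-in host"
    if host.endswith(CUSTOMER_CONTENT_SUFFIXES):
        return "suspicious: customer-hosted content on windows.net"
    if any(word in url.lower() for word in LURE_WORDS):
        return "suspicious: Microsoft-themed page on unrelated host"
    return "unrelated"

def flag_suspicious(urls):
    """Return (url, verdict) pairs for every URL that needs analyst review."""
    verdicts = ((u, classify_signin_url(u)) for u in urls)
    return [(u, v) for u, v in verdicts if v.startswith("suspicious")]

# Constructed sample input, not taken from the campaign described above.
SAMPLE_URLS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://constructedaccount.blob.core.windows.net/files/office365-login.html",
    "https://login.microsoftonline.com@mail-portal.example/",
    "https://login.microsoftonline.com.mail-portal.example/signin",
    "https://intranet.example/wiki",
]

if __name__ == "__main__":
    for url, verdict in flag_suspicious(SAMPLE_URLS):
        print(f"{verdict:55} {url}")
```

The exact-match allowlist is the point: a host that only contains or ends with a Microsoft-looking name, or that places one in the userinfo part of the URL, is never treated as genuine.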