Office 365 – The real-time phishing scam hitting your inbox

Published January 15, 2020

When you receive an email from somebody you trust – be it family, friends or long-time clients – it’s natural to assume it’s genuine. And it is exactly this built-in trust that scammers look to exploit.

It’s easy to get caught out

Recently an email landed in the React inbox from a valued client with a link to a folder they had created in Office 365. And it arrived from the client’s actual email address so, on the surface, everything looked fine.

Alan, the team member who opened it, suspected it was spam. However, to make sure we weren’t ignoring an important message from the client, he decided to investigate further.

Instead of replying to the suspected spam message, which he assumed might be monitored, he fired off a new email to the customer asking whether the email was genuine and, if not, whether he was aware that his account was sending out sharing invitations.

Within minutes, Alan received a reply – “Yes i sent you this… Kindly view with your contacted email”. Confirmation the email was genuine. Or was it?

If something feels wrong, it probably is.

Alan read the reply, but it didn’t read like the client’s usual style, because of:

1. The one-line response
2. The lower-case ‘i’
3. The unusual ‘contacted email’ phrasing, and
4. The lack of email sign-off

So, Alan called the client to ask if he’d sent an email about a file share. The client not only said that he hadn’t sent any email sharing a file, but that he had neither received Alan’s confirmation request nor replied to it.

The customer was worried, so he asked us to check his account. When we did, we discovered forwarding rules that had been set up to give the attacker a copy of his email. The most concerning part, though, was that the attacker could read a completely separate, new message and reply to it from the client’s own address in real time.
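A check for the kind of persistence described above, as an added example that is not React’s own tooling: an Exchange Online PowerShell script that walks every user mailbox, reports mailbox-level forwarding and any inbox rule that forwards or redirects mail to a domain the tenant does not own, and, with the -Disable switch, turns those off. It assumes the ExchangeOnlineManagement module is installed and that the account running it holds an Exchange administrator role; the script name, the -Disable switch and the Test-ExternalAddress helper are the example’s own.

```powershell
# Find-SuspiciousForwarding.ps1  (added example, not React's script)
# Audits Exchange Online for attacker-style mail forwarding: mailbox-level
# forwarding plus inbox rules that forward/redirect to external addresses.
# Assumes: ExchangeOnlineManagement module installed, Exchange admin role.
# Usage:   .\Find-SuspiciousForwarding.ps1            # report only
#          .\Find-SuspiciousForwarding.ps1 -Disable   # report and disable
[CmdletBinding()]
param(
    [switch]$Disable   # disable offending rules and clear mailbox forwarding
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Domains the tenant owns; anything forwarded elsewhere is treated as external.
$internalDomains = (Get-AcceptedDomain).DomainName | ForEach-Object { "$_".ToLower() }

function Test-ExternalAddress {
    param([string]$Address)
    # Rule targets render as '"Display Name" [SMTP:user@domain]' or a bare address.
    if ($Address -match 'SMTP:([^\]\s]+)') { $Address = $Matches[1] }
    $domain = (($Address -split '@')[-1]).ToLower()
    return ($internalDomains -notcontains $domain)
}

$findings = @()
foreach ($mbx in Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox) {
    # 1. Mailbox-level forwarding (settable from an admin session or via PowerShell)
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        $findings += [pscustomobject]@{
            Mailbox = $mbx.UserPrincipalName
            Kind    = 'MailboxForwarding'
            Rule    = '(mailbox setting)'
            Target  = "$($mbx.ForwardingSmtpAddress)$($mbx.ForwardingAddress)"
        }
        if ($Disable) {
            Set-Mailbox -Identity $mbx.Identity -ForwardingSmtpAddress $null `
                -ForwardingAddress $null -DeliverToMailboxAndForward $false
        }
    }

    # 2. Inbox rules created from Outlook/OWA with the stolen credentials
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets  = (@($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)) |
            Where-Object { $_ } | ForEach-Object { "$_" }
        $external = @($targets | Where-Object { Test-ExternalAddress $_ })
        # Rules that delete or move mail can hide a thread (such as a
        # confirmation request) from the real owner, so list them for review.
        $hides = [bool]($rule.DeleteMessage -or $rule.MoveToFolder)
        if ($external.Count -gt 0 -or $hides) {
            $findings += [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Kind    = if ($external.Count -gt 0) { 'ExternalForwardRule' } else { 'HideMailRule' }
                Rule    = "$($rule.Name) (enabled=$($rule.Enabled))"
                Target  = ($external -join ', ')
            }
            if ($Disable -and $rule.Enabled -and $external.Count -gt 0) {
                Disable-InboxRule -Mailbox $mbx.UserPrincipalName -Identity $rule.Identity -Confirm:$false
            }
        }
    }
}

$findings | Sort-Object Kind, Mailbox | Format-Table -AutoSize
```

Run it read-only first and review the HideMailRule entries by hand, since legitimate users do create move-to-folder rules; only external forwarding is disabled automatically. Once the tenant is clean, `Set-RemoteDomain -Identity Default -AutoForwardEnabled $false` blocks automatic forwarding to outside domains tenant-wide, which removes this persistence route for the next compromised account.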

And our customer isn’t alone. It’s just one of many similar incidents being reported online – and the second such incident React encountered that week.

What are they after?

This latest phishing scam is hugely sophisticated. It not only targets the usernames and passwords of unsuspecting recipients but, because the messages are sent from a genuine, already-compromised account, they pass the sender checks and reputation filters that antivirus and spam filters rely on, so they are unlikely to be picked up.

Once you click the link from what you believe to be a known source and enter your details on the fake sign-in page, the hackers not only have your Office 365 login details and any sensitive information in your mailbox, but they also gain full access to your address book – allowing them to target all your contacts in the same way until they find somebody with authorisation to make bank payments.

What can you do to make sure you aren’t caught out?

Protecting yourself from phishing scams

The first step in protecting your business and personal inbox is to regard all emails with links and attachments with suspicion – regardless of who sent them.

Whenever you receive an email, ask yourself:

1. Do they usually email you?
2. Is it written differently from their usual style?
3. Are there quirks in grammar?

Two-step verification

You could also ask all your contacts to send you a secondary confirmation whenever they send you a genuine link or attachment. This can be something as simple as a phone call, text or WhatsApp message.

To make sure your inbox is properly protected, it’s also advisable to set up two-step verification on your account. Should you fall foul of a phishing scam, once the hackers input your login details, either:

– You’ll receive a prompt on your phone asking you to confirm the login, or
– The hacker will have to supply a second factor only you hold, such as a code from an authenticator app or text message

By putting these precautions in place, even if you are caught out by a scam email, you’ll stop a stolen password alone from giving the hackers your inbox and help prevent the scam spreading further. Bear in mind that two-step verification only blocks new logins: if an account has already been compromised, any forwarding rules the hackers created will keep working until you find and remove them.

Beware the “urgency”

The sophistication of some real-time reply phishing scams makes them easy to fall for, whether you’re tech-savvy or not. And as many of these scams are written with a sense of urgency, it can make the reader feel they need to act on the request before they’ve had time to digest whether it’s real or fake.

So, the next time you receive an email from a trusted source asking you to click a link or download an attachment urgently, regardless of who it’s from, make sure you ask them to confirm it’s genuine through a second channel, such as a phone call or text, rather than by replying to the email.

Want to discuss your IT security strategy?

Call React now on 01394 387337
