How are Scammers Using Microsoft Office 365?
Spammers, scammers and cybercriminals are signing up for Office 365 accounts, creating email addresses and websites, and are using them to send spam and malicious email messages to their potential victims.
Here is an example:
The following fraudulent email message was sent to a potential victim; luckily she sent it to us to determine if it is legitimate:
Subject: Attn:This Is My Second Email, Please Respond
From: Ahmed Mohamed Ahmed01@lawoffice2013 .onmicrosoft.com
The cyber-criminals responsible for the fraudulent email created a website name or subdomain under “onmicrosoft.com” called “lawoffice2013”. The website or subdomain name looks like the following:”lawoffice2013.onmicrosoft.com”
Then they created the email address “Ahmed01@ lawoffice2013.onmicrosoft.com” from the website or subdomain name. Once the email address has been created, they then send the spam and malicious email message above from it.
Cyber-crooks are using different website or subdomain names, so look out for suspicious email messages that are sent from email addresses ending with “onmicrosoft.com.” A lot of recipients of the spam and malicious email messages sent from Microsoft Office 365 or OnMicrosoft.com accounts created by scammers, cybercriminals or spammers, will think the email messages are legitimate because they are coming from “onmicrosoft.com,” which is owned and operated by Microsoft.
So, recipients of suspicious email messages that are sent from onmicrosoft.com or other email addresses, should never click on links in the suspicious emails to sign into their online accounts, should never send money or their personal information if they are asked to do so by suspicious emails, and should never respond to suspicious email messages.