The "Office 365 Password About to Expire" Phishing Scam
Microsoft users, if you have received the "Office 365 Password About to Expire" email message, see below, claiming that your account's password is about to expire, is a phishing scam being sent by cybercriminals and not by Microsoft. The fake email message is being sent by cybercriminals who are attempting to frighten and trick the recipients into clicking on the link within them. The link goes to a phishing website or a fake website looking like Microsoft’s website, created by cybercriminals to trick potential victims into entering their Microsoft account usernames and passwords on it, by asking them to sign in. But, any attempts to sign in to the fake website, will result in the victims’ Microsoft account usernames and passwords being sent to cybercriminals.
The "Office 365 Password About to Expire" Phishing Scam
From: security@office.online.com - security@office.online.com
Sent: Monday, April 1, 2019 7:49 PM
Subject: Office 365 password about to expire
Office 365 News and Updates
Mailbox Account Password About To Expire?|?View this email in your browser.
Major update: Mailbox Account Password About To Expire
Applied to: All Customers
NOTE: Mailbox Account Password About To Expire
Your Office365 account password is set to expire in 10 day(s), on April 6th, 2019. Once it expires, you won't be able to login to your account. To avoid any access issues, we strongly suggest that you update your password before it expires by accessing the link below:
Office 365 Admin center
To customize what's included in this email, who gets it, or to unsubscribe, set your Message center preferences. If you are receiving this email because your Admin added you as a recipient, please contact your Admin to unsubscribe.
Edit release preferences Choose the release track for your organization. Use these settings to join First Release if you haven't already.
3ficrosoft respects your privacy. To learn more, please read our Privacy Statement.
.1vhcrosoft Corporation One lificrosoft Way Redmond, WA, USA 98052
Once cybercriminals have gotten their potential victims’ account credentials (usernames and passwords), they will use it to hijack their Microsoft accounts and use them fraudulently. Therefore, recipients of the phishing email message (see below) who were tricked into clicking on the link within it and have attempted to sign into the phishing or fake website that they were taken, are asked to change their Microsoft account passwords immediately, before they are hijacked and used fraudulently by cybercriminals.
Microsoft users should never click on a link to sign into their accounts, they should instead, go directly to https://account.microsoft.com/ and sign-in from there. If there is something that needs to be done to their accounts, they will be notified. This is will prevent Microsoft users from visiting phishing websites disguised as legitimate Microsoft website that steals account credentials.
Check the comment section for additional information, or share what you know or ask a question about this article, by clicking the 'View or Write Comment' button below.
Note: Some of the information in samples on this website may have been impersonated or spoofed.