Retarus alert: Bogus Microsoft 365 emails in circulation

Milano, 21/02/2018 // The security experts at Retarus are cautioning users about a particularly sneaky wave of phishing attacks: Personalized phishing mails with a deceptively realistic Microsoft design and layout are currently doing the rounds, amongst other things requesting recipients to enter and confirm their passwords. Retarus is therefore advising users to check any links contained in such messages with the utmost care. Additional protection is provided by special email security solutions which boast comprehensive filtering of phishing messages and the latest advanced threat protection functions.

The phishing email currently circulating has the subject line “Update Your Account Information To Avoid Service Suspension” and purports to be from the sender “Microsoft 365” (@office.com). In the email, recipients are instructed to update their user details stored with Microsoft 365. The link contained in the message leads to a website which resembles that of Microsoft with deceptive accuracy. The exceptional feature of this attack is that the email makes a credible impression by requesting that users enter their passwords twice for verification. The fraudulent emails moreover resemble the genuine message both optically and in terms of the contents. They are formulated using correct language and contain a plausible sender address as well as authentic logos, fonts and colors. Those entering their login details are opening their Microsoft 365 accounts to the online fraudsters, including all data and documents that it contains.

Increased vigilance and advanced threat protection for optimum security

To safeguard against the dangers posed by these types of phishing attempts, increased vigilance and close attention to the plausibility of the message are essential. In the business environment, companies should sensitize their employees about dealing with emails that request user details without authorization. The linked destination address should be checked carefully. It is also possible to check the authenticity of the referenced website by means of the encryption symbol in the address field of the browser. For Microsoft 365 users, when in doubt it is advisable to enter the Microsoft web address manually into the browser and log into the customer area there.

In addition to raising awareness, professional email security services also assist in protecting companies from such phishing attacks. Specialized providers like Retarus augment their filter rules continuously ensuring that they remain updated at all times. At the same time, innovative mechanisms such as Retarus‘ Advanced Threat Protection examine all links contained in emails, for instance through time-of-click protection, each and every time they are clicked on and compare them in real-time with pertinent phishing databases. In this way, clicks made within dubious emails are intercepted effectively, while the user receives a security alert.

Informazioni su Retarus

Retarus è un provider globale di soluzioni cloud in grado di modernizzare e proteggere la comunicazione digitale e lo scambio di dati di aziende e autorità pubbliche. I prodotti principali comprendono il Cloud Fax digitale, SMS, Transactional Email, Email Security, Supply Chain Integration e Intelligent Document Processing. Retarus dispone di data center distribuiti in tutto il mondo, che forniscono queste soluzioni con i massimi livelli di performance, sicurezza e protezione dei dati. Retarus, con sede a Monaco di Baviera, è stata fondata nel 1992, è gestita dai proprietari ed è orgogliosa della sua forza innovativa. L'azienda impiega circa 500 persone in 20 filiali su cuattro continenti. Oltre la metà delle aziende quotate nell'S&P Global 100 si affidano a Retarus e, al pari dei principali analisti, confermano l'eccezionale qualità e affidabilità dei suoi servizi. Retarus offre i suoi prodotti in modo diretto e in stretta collaborazione con partner selezionati. Per ulteriori informazioni, visitare il sito: www.retarus.it