Microsoft 365 users are being targeted by an emerging email phishing campaign with the goal of obtaining Office 365 credentials. Targets include, but are not limited to, top-level executives and senior-level staff. Users are asked to click on a fake voicemail attachment and “review secure document”. Users are subsequently redirected to a fake reCAPTCHA screen. After completing the reCAPTCHA challenge, users are redirected to a fake Microsoft login screen and asked to input their Office 365 credentials. Once this step is complete, users are greeted with a “validation was successful” message.

Office365 and Phishing – Am I at risk?

Companies leveraging Office 365 services should be aware of and on alert for phishing schemes. Phishing attack vectors often fly under the radar and fall outside of virus and malware protection. Users should be educated about potential phishing scams, kept on the lookout for them, and shown how to avoid those threats.

Office365 – Next steps: Security/MFA (Multifactor Authentication)
Password change:

If you discover that a user account has been compromised, it is highly recommended that you log in using your existing credentials and change your password to a complex passphrase immediately. In addition, it is strongly suggested that you pair Office 365 with two-factor authentication, which will greatly reduce the success of phishing attacks geared towards capturing user passwords and credentials.

For more information, please see the following link: Office365 Phishing Threat

LBMC can help your organization defend against cybersecurity attacks. We have information security services and managed IT solutions to improve your security posture. If you have questions, please call (615) 377-4600 or email