Office 365 phishing strategy tricks users with Live Chat support

March 11, 2019

Phishing attacks have become something of a daily event for some. The reason these malicious attacks remain so common lies in their resourcefulness. We now know of a clever phishing method that involves technical support as well: an Office 365 phishing campaign that scams users by offering live chat support.

Security researcher Michael Gillespie has recently unveiled a phishing campaign that exploits Microsoft Office 365. It does not focus on any MS Office tool or feature; rather, the phishing takes the form of a technical support scam. Gillespie, the maker of ID Ransomware, first found this Office 365 phishing scam and then shared his discovery publicly in a tweet.

The scam leads to a deceptive technical support website for Microsoft Office 365 after the victim receives a spam email from a phony Microsoft account. The email supposedly warns the victim to renew their Office suite membership. The researcher noted that the phony sender address was [email protected]. Here, “officefamily” may trick some users into believing the email is authentic.

After clicking the provided link, the researcher reached the deceptive technical support site “mso365[.]tech”. The website was poorly built and would not generally fool a careful Office 365 user. What made the site appealing, however, was the presence of a live chat support option powered by tawk.to.

 

Tawk.to Banned the Scammers using Office 365 phishing

After Gillespie reached the scam website and saw the chat support, he decided to give it a try. He chatted with the supposed support agent, and the conversation confirmed his suspicions. The scammers asked him to provide his email address and account details in order to offer help. However, the supposed agent ended the chat the moment Gillespie typed the message “Yes. This site is a phishing scam.”

Gillespie brought the issue to the attention of tawk.to, which then banned the ‘bad actor’. However, the scammers were quick to go live again. Once again, the researcher interacted with their live support and found that the scammers were now intent on obtaining phone numbers.

Gillespie then reported this to tawk.to once again. As a result, tawk.to banned the scammers' domain at once. That does not mean the scammers won't come back again, however. Therefore, one should be very careful when clicking links in emails and when communicating with any online tech support.
