---
title: "Learn About the Latest Office 365 Phishing Attack Scheme | Phish Protection"
description: "Phishing is a sort of attack in which you are tricked into supplying sensitive information in response to a fake message containing malicious links."
image: "https://phishprotection.com/og/blog/latest-office-365-phishing-attack-scheme.png"
canonical: "https://phishprotection.com/blog/latest-office-365-phishing-attack-scheme/"
---

Quick Answer

\[Microsoft revealed\](https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/) that there had been a growth in recent \[phishing email\](/blog/sophisticated-new-tactic-makes-phishing-emails-harder-to-detect/) campaigns that use redirecting links combined with CAPTCHA and legitimate appearances, targeting Office 365 accounts. As Office 365 is one of the most widely used cloud business services, \_threat actors target Office 365 users to extract sensitive information\_ to penetrate business organizations and access their information systems.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Flatest-office-365-phishing-attack-scheme%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Learn%20About%20the%20Latest%20Office%20365%20Phishing%20Attack%20Scheme&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Flatest-office-365-phishing-attack-scheme%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Flatest-office-365-phishing-attack-scheme%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Flatest-office-365-phishing-attack-scheme%2F&title=Learn%20About%20the%20Latest%20Office%20365%20Phishing%20Attack%20Scheme "Share on Reddit") [ ](mailto:?subject=Learn%20About%20the%20Latest%20Office%20365%20Phishing%20Attack%20Scheme&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Flatest-office-365-phishing-attack-scheme%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/12/email-phishing-protection-7768.jpg) 

_Phishing is a sort of attack in which you are tricked into supplying sensitive information in response to a fake message containing malicious links_. [Phishing](/resources/what-is-phishing/) is when a fraudster convinces you to do anything that provides them access to your devices, accounts, funds, or confidential information.

[Microsoft revealed](https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/) that there had been a growth in recent [phishing email](/blog/sophisticated-new-tactic-makes-phishing-emails-harder-to-detect/) campaigns that use redirecting links combined with CAPTCHA and legitimate appearances, targeting Office 365 accounts. As Office 365 is one of the most widely used cloud business services, _threat actors target Office 365 users to extract sensitive information_ to penetrate business organizations and access their information systems.

### Modus Operandi of The Latest Office 365 Attack(s)

The latest attacks are designed to trick users by appearing to have come from Microsoft’s official sources. For instance, some ask you to review spam messages along with a link. The link, once clicked, redirects you to another page that looks like [Microsoft’s Security Center](https://docs.microsoft.com/en-us/microsoft-365/security/defender/portals?view=o365-worldwide) and asks you to enter your login credentials. Subsequently, the site sends your login information to the mastermind of the **phishing attack**.

![Email phishing protection](https://media.mailhop.org/phishprotection/images/2021/12/email-phishing-protection-7768.jpg) 

### Latest Attacks Sophisticated And Dangerous: Says Microsoft

> “Microsoft’s built-in phishing protection in Office 365 catches the obvious attacks, but it consistently misses targeted spear phishing and zero-day threats. We see this every day - customers come to us after an incident that Microsoft Defender didn’t catch. Adding a dedicated anti-phishing layer takes five minutes and closes that gap.” - **Adam Lundrigan**, CTO, DuoCircle

Microsoft’s Security Intelligence [provided a deep look](https://twitter.com/MsftSecIntel/status/1421232634357714947) at the hazard these crafty **phishing emails** can cause your organization as these are more sophisticated than regular phishing attacks. You can recognize these phishing emails with the below-mentioned three main attributes:

- **_Referrals:_** The phishing email’s address uses many domains, including “.com” and usage of the word “referral” and its synonyms.
- **_SharePoint lure:_** The phishing emails use a supposed file share request with a malicious link.
- **_Dual URLs:_** The phishing emails contain [multiple URLs](https://winbuzzer.com/2021/12/06/microsoft-office-365-targeted-by-new-phishing-attack-xcxwbn/) pointing to Google storage resources. The second URL is hidden between notification settings and redirects you to a SharePoint page. Both these URLs require user logins.

The complicated structure and the social appearance of regular and trustworthy web pages make this particular phishing campaign’s attacks fatal in a large [BEC (Business Email Compromise)](/content/business-email-compromise/) phishing scheme. These attacks target high-level accounts and administrative emails. 

With such _planned and sophisticated phishing emails on the rise_, your organization must implement the best **anti-phishing solutions** and [anti-malware](/products/malware-and-ransomware-protection/) to prevent them.

### Examples of Recent Phishing Attacks Involving Office 365 Users

Here are a couple more examples of how threat actors are leveraging phishing to target office 365 users:

#### Phishing Attacks on the US Universities

Threat actors are sending [malicious phishing emails](https://www.bleepingcomputer.com/news/security/us-universities-targeted-by-office-365-phishing-attacks/) providing information on the Omicron variant of Covid-19, testing for the same, and changes in lecture schedules to US University students. The **phishing link** redirected students to a crafty login page designed with the theme of their university to get access to students’ login credentials. These pages also included fake MFA (Multi-factor authentication) verifications to take over the student accounts.

#### Phishing Attacks Targeting Financial Executives

[Area1 Security’s report](https://www.area1security.com/blog/microsoft-365-spoof-targets-financial-departments/) revealed how Microsoft [Office 365 phishing emails](/blog/latest-ms-office-365-phishing-scams-to-be-aware-of/) target financial departments and C-suite employees. These phishing emails included malicious emails designed as Microsoft service updates, paired with Microsoft-themed sender addresses and attached **ransomware files**. These emails contained phishing links that redirected to policy upgradation pages, including the organization’s name, email, and logo, asking to apply the security update, which required login. The phishing emails also contained HTML and HTM attachments that loaded the fake web pages using Javascript’s escape functions.

![Office 365 Phishing Protection Key Statistics](https://media.mailhop.org/phishprotection/images/2021/12/Office-365-Phishing-Protection-Key-Statistics.jpg) 

### How Can You Protect Your Organization Against Such Phishing Attacks?

There are numerous ways your organization can ensure email [phishing protection](/). Some of these ways include:

#### Recognizing phishing emails

Phishing emails can be identified as they have some peculiar aspects. You can recognize **phishing emails** as they usually contain unusual links, use [domain spoofing](/content/domain-name-spoofing/) (using a name similar to commonly accessed domains), and use duplicate templates of official messages or emails you might have previously received. As discussed above, the latest [Office 365 phishing emails](/resources/exploring-office-365-phishing-protection-updates/) contain referrals, SharePoint lures, and dual malicious links easily identifiable if you are cautious.

#### Training employees

Identifying phishing emails and malicious links extend to the organization’s employees as they use emails more in their daily tasks. [Educate employees](/products/phishing-awareness-training/) on spotting phishing emails by checking for spelling mistakes, infrequent senders, generic greetings, and suspicious attachments. Furthermore, reporting fake links or clients and holding awareness sessions that provide insight into anti-phishing and [anti-ransomware solutions](/products/malware-and-ransomware-protection/) and their needs provide an additional **defense against phishing** emails.

#### Browser Add-ons

With advanced cybercrimes, defenses against them are also getting sophisticated. Your organization can certainly benefit by including browser add-ons of [anti-phishing solutions](/) for additional protection. Several **anti-phishing** toolbars are available that can [identify](https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams) and mark phishing emails your organization receives.

#### Office 365 Advanced Threat Protection

Microsoft’s Security Intelligence team also [summarized](https://twitter.com/MsftSecIntel/status/1421232643555827717) how Microsoft Defender for Office 365 could detect and block these latest [Office 365 phishing emails](/office-365-phishing-protection/). Your organization will benefit by adding [Microsoft’s Anti-phishing protection](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-protection?view=o365-worldwide) with Windows Defender. It provides Spoof Intelligence, Tenant Allow/Block List, Implicit Email Authentication, Anti-phishing Policies, [Attack Simulation Training](/products/phishing-simulation/), among other crucial safety measures against phishing emails.

### Final Words

While cybercrimes and Office 365 targeted phishing attacks rise, the tactics listed above provide a solid defense against them. These methods can help secure sensitive and business-critical data from deliberate and accidental breaches. _Protection against the growing phishing email threat needs to be a priority for your organization_ so as not to let data breaches caused by **phishing attacks** disrupt business operations. In today’s uncertain world of cybercrime, you can **ensure the security** of your organization’s information assets by making use of all aspects of the PPT (_people, process, and technology)_ triad.

## Topics

[ Office 365 ](/tags/office-365/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 10m  Comprehensive Email Virus Protection For Office 365 Users  Oct 15, 2025 ](/blog/comprehensive-email-virus-protection-for-office-365-users/)[  Intermediate 4m  Do I Need Third-Party Phishing Protection for Office 365?  Aug 11, 2018 ](/blog/do-i-need-third-party-phishing-protection-for-office-365/)[  Intermediate 4m  The Latest MS Office 365 Phishing Scams To Be Aware Of!  Feb 17, 2021 ](/blog/latest-ms-office-365-phishing-scams-to-be-aware-of/)[  Intermediate 4m  O365 Phishing Attack: Why Your Organization Needs To Pay Attention To What Microsoft Has To Say  Aug 17, 2021 ](/blog/o365-phishing-attack-organization-pay-attention-to-microsoft/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Learn About the Latest Office 365 Phishing Attack Scheme","description":"Phishing is a sort of attack in which you are tricked into supplying sensitive information in response to a fake message containing malicious links.","url":"https://phishprotection.com/blog/latest-office-365-phishing-attack-scheme/","datePublished":"2021-12-15T14:19:19.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-12-15T14:19:19.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/latest-office-365-phishing-attack-scheme/"},"articleSection":"intermediate","keywords":"Office 365","wordCount":932,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/12/email-phishing-protection-7768.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Learn About the Latest Office 365 Phishing Attack Scheme","item":"https://phishprotection.com/blog/latest-office-365-phishing-attack-scheme/"}]}
```