Security Advisory: New Phishing Tactics Being Used to Access Office 365 Accounts

St. John’s University’s Office of Information Technology is currently investigating the latest tactic used by cyber attackers to trick people and obtain access to their important accounts. To put it simply, these cybercriminals have devised a new way to try and get users to give them access to their Office 365 accounts.

Here’s how it works: A phishing email is sent to you appearing to come from a trusted source. Within the email there is a link to a fraudulent web page, seemingly appearing to be a legitimate webpage like Microsoft Outlook. The link on this fraudulent web page is a file, which might look like a regular document or a voice message. If you were to open this file, a web page that looks like Microsoft Outlook appears—however, this is in fact a trap to steal your Microsoft 365 account information.

We take your security very seriously, so please be extra careful when you’re asked to enter your login details anywhere online. Please do not click on, launch, or open any links directly from email unless you are 100 percent sure they are from a trusted source. If you are unsure, you can always double check by hovering over the link to see the actual URL prior to clicking.

Please refer to the “Learn to Spot a Phishing Message” section of the “Protect Yourself from Phishing” article. You can also report any suspected phishing emails directly from within Microsoft by clicking on the “Report Message” button in Outlook.

If you have any questions, please contact the University’s Office of Information Technology at ithelp.stjohns.edu or 718-990-5000 (x5000).