New York company by the name of Avanan discovered a phishing scam that targeted Office 365 users. The scam used the attack method known as Punnycode. Scammers behind Punnycode have been able to hack Office 365 users by sending them fraudulent emails. The emails they sent included a link to a fake Microsoft website. When users arrived to the website, they were asked to enter their account information. Scammers designed the fake website with the Microsoft logo. Including the Microsoft logo made the website appear legitimate. Because of this, many users logged in before realizing it was a scam.
There were several different types of emails that Punnycode used in this scam. Some users received emails from FedEx. These emails claimed to have links to tracking numbers. When users clicked the links, they were asked to first log in to their Office 365 account. After users logged into the fake website, Punnycode had access to all of their account information.
Avanan, the company who discovered this scam said that Punnycode shows that “hackers are shifting their focus.” The focus has shifted from personal accounts to corporate accounts. This is why Office 365 was the target. Office 365 caters to businesses and corporations. When an Office 365 account information is stolen, hackers have access to a lot of a business’ information. Some of the
data they can access includes address book contacts, SSNs, and credit card numbers. Hackers can also install dangerous software to a users computer with this information.
This type of scam is not always detected by email company providers. Office 365 users are urged to take precaution when reviewing emails with links included.