Phishing attacks have now become something of a daily occurrence for many. Yet, the reason why these malicious campaigns remain successful lies in their creativity. Once again, we hear of a creative phishing technique that involves tech support as well. We are talking about an Office 365 phishing campaign that cons users by providing live chat support.
Office 365 Phishing Site Offers Live Support
A security researcher Michael Gillespie has recently unveiled a phishing campaign that exploits Microsoft Office 365. However, it does not target any MS Office tool or feature, rather the phishing comes up as a tech support scam.
Michael Gillespie, the creator of ID Ransomware, first discovered this Office 365 phishing scam. He then shared his discovery publicly via a tweet.
Whoa whoa whoa. Since when does a @Office365 #phishing page have fucking live support?? https://mso365[.]tech using @tawktotawk. Full run on @anyrun_app: https://t.co/uXGo78Ud3W – he closed the chat after my last message ? pic.twitter.com/sMa52adHgm
— Michael Gillespie (@demonslay335) February 21, 2019
According to Bleeping Computer, Gillespie came across a fake tech support website for Microsoft Office 365 after he received a spam email from a fake Microsoft account. The email allegedly alerted him for renewal of his Office Suite subscription. However, the researcher spotted that fake email address that goes info(at)officefamily(dot)us. Here, the word “officefamily” may fool some users to the legitimacy of the email.
Upon clicking on the provided link, the researcher reached a fake tech support website “mso365[.]tech”. According to his observation, the website had a very poor design that won’t really trick any savvy Office365 user. However, what made this site attractive was the presence of a live chat support option powered by tawk.to.
Tawk.to Banned The Scammers
After Gillespie reached the scam website and noticed the chat support, he thought to give it a try. He then conversed with the alleged chat agent only to find is speculations correct. He also shared his conversation publicly by mentioning the link in his tweet.
As revealed, the scammers asked him to provide his email address and account details to provide support. However, the alleged chat agent ended the chat the moment Gillespie typed in his message “Yes. This site is a phishing scam.”
Gillespie brought this matter to the notice of tawk.to, who then banned the ‘bad actor’. However, they were quick to go live again.
Looks like they are active again @tawktotawk pic.twitter.com/vatPJsbTau
— Michael Gillespie (@demonslay335) February 22, 2019
Once again, the researcher interacted with their live support and found that the scammers are now interested in obtaining phone numbers. Gillespie then reported tawk.to once again. As a result, tawk.to banned the domain of the scammers at once.
We've banned their domain from being able to add a widget again.. doesn't stop them from registering a new domain though :/ And the chase continues.. ?♂️vs?♂️
— tawk.to (@tawktotawk) February 22, 2019
Nonetheless, it does not indicate that the scammers won’t come into action again. Therefore, one should be very careful while clicking on links given in emails, and while communicating with any online tech support.
Recently, phishing attacks exploiting Facebook Login and LinkedIn direct message feature also came into limelight. Perhaps, one should remain cautious while interacting any third-parties altogether.