Microsoft: Evasive Office 365 phishing campaign active since July 2020 (Bleeping Computer)

Bleeping Computer: Microsoft: Evasive Office 365 phishing campaign active since July 2020. “Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting with July 2020. The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various information about the potential victims, such as email addresses and company logos.”

New Ransomware Aims at Office 365 Users

A new strain of ransomware is aimed at Office 365 users. “The malware was discovered by the cyber security company Check Point and comes in the form of an invoice sent by email. The attack is designed to catch unsuspecting victims according to security analyst Raymond Schippers who said: ‘The email sent to Office 365 users via Outlook gives the appearance of an invoice in the form of an Office document. When they go to open it, a message will appear telling people the document was created with a previous version of the software, so they will need to click something to enable the content’.”