2018-03-22 - Fraudulent Delivery Failure message

The following is a message some of our users received on March 22nd.  The message purported to be from Office 365 and the hook was that there was a purported server failure and some of your mail wasn't sent, with an entreaty to click on the link to resend the message.  A screenshot of the message is below.  In the message, note the poor grammar ("encounter ed" instead of "encountered", as well as subject-verb agreement issues).  

The biggest clue is that when you hover over the "Click here" link, you will see the actual destination link at hte bottom left, which has nothing to do with the college or Office 365.

These kinds of fraudulent emails are extremely common, and relatively unsophisticated, but they rely on our instinctual concern over our mail not going through (and the consequences of unreceived emails).  As always - take the time to think about any emails before clicking links or opening attachments.

Example of the phishing email within Office 365

 

If you had clicked on the link - there are a couple things you could do to notice that something is fishy at that time as well.  It brings you to a page that, superficially at least, looks like Office 365.  The problems are:

  • The web address of the site is both listed as 'Not Secure' as well as being a german site that has nothing to do with the college.
  • The New Paltz specific background, showing the Atrium at night, is not there but is instead the Microsoft generic Office 365 login page.

Though the background image could be replicated by criminals, the web address could not be.

Screenshot of fraudulent website that tries to look like Office 365.