Many users are being targeted with a new phishing attempt that is telling users they have exceeded a limit and will be disconnected from sending or receiving email.
Be aware that a new email thread has surface that is trying to get users to input their username and password into a fake site (aka. Phishing) so they can harvest this info for nefarious purposes.
In this case the email subject is "32 Clustered Mails" and appears to come from "Office Outlook" whose email address is "Admin@mail38.atl161.mcsv.net"
The body of the message tries to scare a user into thinking that some sort of limit has been reached and they cannot send or receive emails until the "Pending Clustered Mails" have been released. Don't be fooled by this. See the email that came to me today:
When you hover your mouse over the links you'll see that the web address is not Microsoft related (all links appear to go to the same place). In this case it's "http://www.fullmaker.hu" which is definitely not legitimate.
Since I've gone through the trouble of clicking the link, you'll see that it takes you to a page that is almost identical to Microsoft's sign-in page for email.
Left side is fake whereas the right side is legit Microsoft.
If you click on a link before previewing it, or it seems legitimate, we recommend you review the website address at the top of your web browser to attempt to verify authenticity before you go any further!
Look at the parts after http:// or www for clues. Pay attention to common misspellings (https://microsft.com) and giveaways such as zeros are used instead of o's (ie. https://micr0soft.com) or ones instead of i's (https://m1crosoft.com).
In this case, they didn't attempt to pretend to be Microsoft's website name, they just tried to mimic its look. "www.newidea.dn.ua" is not a Microsoft site.
If you feel that you've given up your login information (username/password) be sure to change all account passwords that use either of those codes right away (assuming you're like most others and reuse passwords or usernames for different sites, like Facebook). If you've given away something personal or financial, consider calling your local police department.
Good luck and stay safe out there!
** Update at 3:20PM EST **
Another email thread has been received, with the subject "UNABLE TO VERIFY SUBSCRIPTION" from "MS Message Center"
Here's the body:
---------------------------------------------------------------------------------------------------
Microsoft Office
Unable to Verify Subscription.
User Info
Sorry, we are unable to verify your info@mytechcentre.ca subscription, so most of your mailbox features have been disabled. Please re-enable now.
Why it happens
While you don’t need to be online at all times to use office, you do need to connect to the Internet intermittently so office can verify that your subscription is still active. If office can’t check the status of your subscription for an extended period of time (usually around 30 days), you’ll see the ''Unable to Verify Subscription'' message, and office will eventually disable most of your mailbox features.
This action will take a brief period before this request takes effect
This message was sent from the email address is not monitored. Do not reply to this message. Privacy | Legal Notices
Microsoft Corporation 600 Pine Street, Suite 352, Seattle, WA 98101, USA.
---------------------------------------------------------------------------------------------------
Don't click the "RE-ENABLE NOW" link as that also takes you to a faked Microsoft login page which attempts to get you to enter your password (just like above). Be sure to follow my password change recommendation immediately and delete this email.
We're getting the feeling that something/someone has been able to mass SPAM Office 365 accounts and looking to hear back from Microsoft regarding this.
-Edward