O365 email phishing message is spreading quickly

Several warnings of the phishing of O365 credentials have been published during this year. Because of the quicky spreading of the phishing messages, FICORA (Finnish Communications Regulatory Authority) has classified the situation as critical.

This is how the phishing is spreading:

  • A target person gets a message with the subject “Ladattu asia kirja", for example.
  • In the message there is a link to the scam website which looks like the Microsoft SharePoint login page.
  • If one give his user name and password on the scam page, these credentials will end up to attackers who use them for logging into the O365 email system.
  • With the hacked credentials the attackers then can follow the email traffic and send new targeted phishing and scam emails.

Act this way:

  • Do not click a link, but stop for a while to consider if the message is justified and is the link leading outside of the university services. You see the real link address when moving the mouse pointer on the link, but do not click it.
  • In uncertain situations do not hesitate to ask IT Helpdesk for help.
  • If you state the message as a phishing message, do not click a link but remove the message.
  • If you already have clicked the link which leads to the phishing page and have given your user account and password on the page, change your password immediately here: https://account.oulu.fi/passwd. Instruction for the password changing: http://www.oulu.fi/ict/password. Report the incident to IT Helpdesk.
  • If you have not clicked the link in the phishing message, your account is not compromised. However, you can change your password using the link above whenever so desired.

- IT Administration Services

Last updated: 24.9.2018