Educause Security Discussion mailing list archives

Phishing O365 tenants with compromised hotmail/Microsoft accounts

From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Thu, 29 Aug 2019 14:58:42 +0000

Curious if any other O365 shops are seeing a spike in phishing emails that use a compromised Hotmail account to send a 
OneDrive link.

The attacker also uses some sort of fake IT sender, but the body of the message often has a signature block or other 
information from a senior university person with some sort of higher ed content.

Example:

[cid:image001.jpg@01D55E58.B83EE400]


Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu | O: 443-334-2696





**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

<<attachment: winmail.dat>>

Current thread:

Phishing O365 tenants with compromised hotmail/Microsoft accounts Jim A. Bole (Aug 29)
- Re: Phishing O365 tenants with compromised hotmail/Microsoft accounts Bandy, John (Aug 29)
- Re: Phishing O365 tenants with compromised hotmail/Microsoft accounts King, Ronald A. (Aug 29)