Blog

Don't fall for this email quota limit phishing scam

Have you ever received an email with "Microsoft Outlook 365: Your email quota almost exceeded limit" in the subject line? I recently received one of these emails to my business email address. The email warned that not only I was not only in danger of exceeding my Outlook mailbox limit but that I needed to "review recent activity" in the interest of "extra security."

Here's another scary one which came, again, from a personal email which was nothing to do with Microsoft or Office 365:

For business users who depend on email delivered to the Microsoft Outlook app, such an alert would cause concern. But as anyone who has read our blog series on the "7 common sense cyber protection that really work" by Dr. Ken Urquhart could see, this alert is not from Microsoft. It is a phishing scam email designed to steal login information.

There were several signs that this email was an attempt to phish our business which were easy to spot such as:

  1. The sender of the email was extremely suspicious. We have obscured the name in the "from:" line (seen highlighted in yellow) because the scammer put in a real person's email they scraped off the internet. Criminals will use real email addresses picked up off the Internet to get past spam filters that typically block fake email addresses. Since criminal scammers often use email systems designed for phishing, they can put any email address (real or fake) in the "from:" line of their emails. The important thing to note is why the sender's email was suspicious: The "Office 365 Team" would not send an email to a U.S. based company from a clearly non-Microsoft, non-U.S. e-mail address.
  2. The first line of the body copy has no mention of the subject line—the phishing scammer apparently forgot this is supposed to be an alert about my email storage quota—because, were this a real email from Microsoft, the first line should have explained what the limit was and how close I was to exceeding it. But this email contains incorrectly-worded phrases related to cybersecurity (seen circled in red).
  3. The call to action for opting out of security notification emails is designed for people who get too many emails. These notices are supposed to address the frequency of delivery, the "when," rather than "where" the emails get delivered (seen underlined in red).


Many scammers try to make their phishing email look like legitimate Microsoft alerts. There is a good chance that had I clicked any of the links in this email, a fake but legitimate-looking Outlook Web App (OWA) login box would have opened in my web browser. Phishing scams like these are often sophisticated enough to let users type in their Office 365 account login details in the fake box, capture that login information, and then redirect the victim to the real OWA website.

Once your login information is collected by scammers, it can be used to hijack your business email. By stealing your login, the scammers potentially can use your email to launch further phishing campaigns in your name. Because your Outlook email connects to your Office 365 account, this phishing attack can also grant criminals access to valuable information stored on your OneDrive For Business online storage and SharePoint sites.

As an entrepreneur and business owner, I see this "email quota" phishing scam as an attack with two serious consequences. First, in an email quota phishing scam against a company like Amaxra, which does business with some of the largest multinational companies in the world, the attackers potentially can find a way into large organizations. While the hackers did not use the exact same email quota email scam in the Target retail store attack that stole 40 million shoppers' credit cards, the initial intrusion was made by sending a phishing email to one of Target's relatively-smaller external vendors. Secondly, if the email quota phishing scam is successful against an executive at a small to midsized company, then sensitive emails can be stolen by the hacker. This is why network and data security is more critical now than ever for every organization.

When you receive an email alerting you about exceeding your email quota limit, know that there's a good chance you're being phished! Remember that Office 365 user mailbox sizes for Business Essential, Business Premium, and Enterprise E1 plans are a generous 50 GB. For Enterprise E3 and E5 plans, the user mailbox limit is doubled to 100 GB. No matter which Office 365 plan you have, most users can send and receive tens of thousands of emails before approaching their mailbox quota.

Amaxra has set up and secured cloud-based Office 365 email solutions for small startups and large organizations.

Contact us at licensing@amaxra.com or call 425 749 7471 for a no-obligation consultation on how we can help you get more value from your software investment.

Comments

Subscribe to Our Blog

Get the latest news from Amaxra delivered to your inbox

Tags

{
  "moduleName": "tag_blogtaglist_2",
  "moduleDescriptor": {
    "templatePath": null,
    "parameters": ",collection=\"tagList\",template=\"\"",
    "apiEndpoint": "/api/v3/tag_blogtaglist_2",
    "objectType": -1,
    "objectId": -1,
    "adminUrl": ""
  },
  "items": [
    {
      "id": 359043,
      "name": "Azure Active Directory",
      "count": 4
    },
    {
      "id": 345675,
      "name": "Business",
      "count": 11
    },
    {
      "id": 345676,
      "name": "Business Analytics",
      "count": 9
    },
    {
      "id": 348247,
      "name": "Business Intelligence",
      "count": 12
    },
    {
      "id": 345678,
      "name": "Business Solutions",
      "count": 39
    },
    {
      "id": 345680,
      "name": "Business Tools",
      "count": 33
    },
    {
      "id": 348246,
      "name": "ClickDimensions",
      "count": 6
    },
    {
      "id": 345684,
      "name": "Cloud Solutions",
      "count": 46
    },
    {
      "id": 345685,
      "name": "Collaboration",
      "count": 21
    },
    {
      "id": 345686,
      "name": "Communication",
      "count": 11
    },
    {
      "id": 345690,
      "name": "CRM",
      "count": 22
    },
    {
      "id": 345692,
      "name": "Customer Service",
      "count": 4
    },
    {
      "id": 345696,
      "name": "Digital Transformation",
      "count": 20
    },
    {
      "id": 345697,
      "name": "Dynamic Workforce",
      "count": 15
    },
    {
      "id": 345698,
      "name": "Dynamics CRM",
      "count": 24
    },
    {
      "id": 345699,
      "name": "Email Marketing",
      "count": 6
    },
    {
      "id": 345702,
      "name": "Excel",
      "count": 4
    },
    {
      "id": 345705,
      "name": "Giving Back",
      "count": 1
    },
    {
      "id": 345706,
      "name": "Going Green",
      "count": 3
    },
    {
      "id": 345709,
      "name": "Lead nurturing",
      "count": 7
    },
    {
      "id": 345711,
      "name": "Management Tools",
      "count": 12
    },
    {
      "id": 345713,
      "name": "Marketing Automation",
      "count": 9
    },
    {
      "id": 345714,
      "name": "Metadata",
      "count": 1
    },
    {
      "id": 345716,
      "name": "Microsoft Dynamics",
      "count": 23
    },
    {
      "id": 345717,
      "name": "Microsoft Office",
      "count": 31
    },
    {
      "id": 345718,
      "name": "Microsoft Partner",
      "count": 2
    },
    {
      "id": 345721,
      "name": "Office 365",
      "count": 56
    },
    {
      "id": 358337,
      "name": "Office Planner",
      "count": 1
    },
    {
      "id": 345722,
      "name": "OneDrive",
      "count": 6
    },
    {
      "id": 345725,
      "name": "Planning",
      "count": 7
    },
    {
      "id": 345727,
      "name": "Power Bi",
      "count": 4
    },
    {
      "id": 345728,
      "name": "PowerPoint",
      "count": 2
    },
    {
      "id": 345730,
      "name": "Presentation Design",
      "count": 2
    },
    {
      "id": 345732,
      "name": "Productivity",
      "count": 39
    },
    {
      "id": 348227,
      "name": "Security",
      "count": 31
    },
    {
      "id": 348245,
      "name": "SharePoint",
      "count": 13
    },
    {
      "id": 348226,
      "name": "Sustainability",
      "count": 2
    },
    {
      "id": 358338,
      "name": "Windows 10",
      "count": 6
    },
    {
      "id": 348228,
      "name": "Work for Amaxra",
      "count": 11
    }
  ]
}