In the latest scam, using email address quarantine[at]messaging[dot]microsoft[dot]com, cybercriminals are sending a spam notification to your inbox. This phishing email claims to be an important email from your company about a “Transaction Expenses Q3 Update” and that it has been quarantined. In order to reach the quarantined email, they ask you to review it to determine if it should or should not be marked as spam.
When you click on the review button it takes you to a fake Microsoft 365 login page. If you provide your credentials on this page, it will be sent straight to the cybercriminals.
- If you get a notification that you are unfamiliar with, reach out to your IT department.
- Never click on a link or attachment from an email you weren’t expecting.
- This attack could use any well-known brand and is not just limited to Microsoft.