Back to All Attacks
Attack Details
Attack Date:
Apr 19, 2022
Microsoft Expired Account Credential Phishing Attack
Initial Email Content
Subject
Notification: Password Alert
Body
One Time Password Authentication For Microsoft 365
Your password is set to expire on Tuesday, April 19, 2022.
User ID: [Target Email Address]
Please take immediate action to avoid being log out permanently.
Keep Same Password
Sincerely,
Microsoft Corporation
Malicious Artifacts
Additional Indicators of Compromise
Type
Description
No items found.
Attack Description
This link-based attack impersonates Microsoft using an external compromised account and an expired account theme to steal credentials.
Analysis Overview
Tactic
External Compromised Account
Goal
Credential Theft
Impersonated Party
Vector
Link-based
Theme
Expired Account
Language