Back to All Attacks
Attack Details
Attack Date:
Apr 19, 2022

Microsoft Expired Account Credential Phishing Attack

Initial Email Content

Subject
Notification: Password Alert
Body

One Time Password Authentication For Microsoft 365

 
Your password is set to expire on Tuesday, April 19, 2022.

   User ID: [Target Email Address]


Please take immediate action to avoid being log out permanently.

Keep Same Password


Sincerely,
Microsoft Corporation

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This link-based attack impersonates Microsoft using an external compromised account and an expired account theme to steal credentials.

Analysis Overview

Tactic
External Compromised Account
Goal
Credential Theft
Impersonated Party
Vector
Link-based
Theme
Expired Account
Language