W-2 Form Office 365 Credential Scam Creatively Uses Typeform Service to Bypass Security Checks

By building phishing pages with an online survey-and-form service, scammers found a novel way to trick users out of their Office 365 credentials.

With the new May 15th deadline for submitting your tax returns quickly approaching, the bad guys are using that theme in an attempt to steal Office 365 credentials. According to security researchers at Armorblox, this latest scam starts with a phishing email informing the potential victim that their 2020 W-2 form is available for download from OneDrive, complete with a “Learn about messages protected by Office 365” link to add some credibility to the email.

The malicious link takes the victim to a webpage showing a blurred W-2 form, gated by a Typeform form asking for a login. The assumption is that, because the user was told it is a OneDrive link, the form is intended to collect their Office 365 credentials, even though it is plainly hosted on a completely different platform.

Source: Armorblox

Any credentials provided are met with an invalid-password error, thought to be a smokescreen that lets the scammers harvest as many credentials as possible.

The obvious warning signs for the recipient include the mismatch between the link purporting to be OneDrive and actually taking the user to Typeform’s website. At least in the example provided by Armorblox, the sender’s email address is also a Hotmail account.
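As an added example (not code from the Armorblox write-up or this post), the following Python checks a message for the two warning signs just described: a free-webmail sender, and a link whose surrounding text claims OneDrive or Office 365 but whose host is somewhere else. The brand-to-host map, the free-mail list and the sample message are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical brand-to-host map: what the lure claims, and hosts that legitimately serve it.
BRAND_HOSTS = {
    "onedrive": ("onedrive.live.com", "1drv.ms", "sharepoint.com", "microsoft.com", "office.com"),
    "office 365": ("microsoft.com", "office.com", "microsoftonline.com"),
}
FREEMAIL = ("hotmail.com", "outlook.com", "gmail.com", "yahoo.com")  # assumed free-webmail list

class _LinkParser(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None

def _host_allowed(host, allowed):
    return any(host == a or host.endswith("." + a) for a in allowed)

def phishing_red_flags(sender, html_body):
    """Return the red flags found: a free-mail sender, and links that claim a brand but lead elsewhere."""
    flags = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if sender_domain in FREEMAIL:
        flags.append(f"sender uses free webmail domain {sender_domain}")
    parser = _LinkParser()
    parser.feed(html_body)
    # Heuristic: if the body or any anchor text names a brand, every link should land on that brand's hosts.
    claimed = " ".join([html_body] + [t for _, t in parser.links]).lower()
    for href, _ in parser.links:
        host = (urlparse(href).hostname or "").lower()
        for brand, allowed in BRAND_HOSTS.items():
            if brand in claimed and not _host_allowed(host, allowed):
                flags.append(f"link claims {brand} but resolves to {host}")
                break
    return flags

# Constructed sample modelled on the lure described above (the Typeform URL is a placeholder, not a real form).
SAMPLE_SENDER = "payroll.notice@hotmail.com"
SAMPLE_HTML = ('<p>Your 2020 W-2 form is available for download from OneDrive.</p>'
               '<a href="https://survey-placeholder.typeform.com/to/PLACEHOLDER">Download W-2</a> '
               '<a href="https://www.microsoft.com/">Learn about messages protected by Office 365</a>')
```

Running `phishing_red_flags(SAMPLE_SENDER, SAMPLE_HTML)` reports both the Hotmail sender and the OneDrive claim that lands on a typeform.com host, while the genuine Microsoft link is left alone.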

Users with proper new-school security awareness training will identify these issues a mile away and spot the email for what it really is – a scam. I highly suggest getting started on implementing this before your organization’s Office 365 credentials are stolen and used by the bad guys for even more dastardly actions.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!
