Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    W-2 Form Office 365 Credential Scam Creatively Uses Typeform Service to Bypass Security Checks

    W-2 Office 365 Credential ScamBy creating phishing site pages using an online service for building surveys and forms, scammers figured out an original way to trick users out of their Office 365 credentials.

    With the new May 15th deadline for submitting your tax returns quickly approaching, the bad guys are taking advantage of the theming and attempting to use it to steal Office 365 credentials. According to security researchers at Armorblox, this latest scam focuses on a phishing email informing the potential victim that their 2020 W-2 form is available for download from OneDrive – complete with a “Learn about messages protected by Office 365” link to add some credibility to the email.

    The malicious link takes the victim to a webpage showing a blurred W-@ form, gated by Typeform. The assumption here is because the user was told it’s a OneDrive link, the intent is to collect their Office 365 credential, despite being obviously hosted on a completely different platform.

    tax-scam-phishing-form-1-final

     

     

     

     

     

     

     

     

    Source: Armorblox

    Any credentials provided are met with an invalid password error – thought to be a smoke screen to allow the scammers to collect as many credentials as possible.

    The obvious errors that should provide warning to the recipient include the mismatch between it purporting to be a OneDrive link and it actually taking the user to Typeform’s website. At least in the example provide by Armorblox, the senders email address is a Hotmail account.

    Users with proper new-school security awareness training will identify these issues a mile away and spot the email for what it really is – a scam. I highly suggest getting started on implementing this before your organization’s Office 365 credentials are stolen and used by the bad guys for even more dastardly actions.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews