Microsoft Office Forms scam revealed

What is a Microsoft phishing email scam?

This type of a Microsoft email scam relies on your employees’ busyness and trusting nature. In this attack, the scammer creates a Microsoft Office Form that looks just like the login page of the Microsoft Office365 login screen. Then, the scammer emails the link to this form to employees in various companies. The email is, of course, disguised to appear like it’s coming from a legitimate source. The employee typically doesn’t even think twice before clicking the link – thy simply open the page. There, they are asked to enter their login credentials to get into the system, which most employees do without hesitation. Once the login information is entered, it is then in the scammer’s hands, which is a huge cybersecurity breach. 

Why do scammers use Microsoft Forms for this phishing attack?

There are many significant reasons why scammers choose Microsoft Forms for this scam. First of all, the link to the form appears legitimate to most people since it begins with – employees who have been trained in cybersecurity practices will definitely look at the link before clicking on it and since it’s a trusted website, they may let their guard down. Secondly, a Microsoft Form is much easier to set up than a phishing website and it’s even free to do. Scammers don’t need to worry about building a website, purchasing a legit-looking domain name and paying for hosting. 

How can I identify Microsoft Form scams?

One of the easiest ways to identify phishing attempts that use Microsoft Forms is to check who sent the email, whether you were expecting this email, etc. In general, you should not be asked to log in if you’re being sent a link to a Microsoft Form. Additionally, scammers often misspell words to get past automated email security systems. For instance, they might include fields that say “Email-address” or misspell the words “email”, “password” or “address”. Scammers also sometimes put extra spaces between letters to prevent security systems from identifying the words correctly. 

Talk to an Expert

1. We will review your request within 2 hours and contact you.

2. We will check your company and describe the workflow.

3. We will start cybersecurity check.

    Privacy Policy

    Vitaly is a principal consultant at Hackcontrol as wall as aa business and IT thought leader. He has over 15 years of experience in consulting, account management and is a specialist in cybersecurity.