Hundreds of millions of people around the globe use Microsoft Office 365, which includes Word, Powerpoint, Excel, Outlook, OneNote,  OneDrive, Publisher and more. Unfortunately, criminals are always in cyberspace trying to steal your information and their latest schemes are very sophisticated.

Microsoft has warned that one common method of avoiding clicking on a phish — hovering your cursor over the link to see the full URL — is in this case totally ineffective, as the malicious actors behind the campaign have set up open redirects using a legitimate service.

According to, the campaign uses among other things, social engineering lures impersonating Office 365, to tempt users to click on a link. This leads to a series of open redirects — which have common legitimate uses, for example to direct customers to a landing page, or track email click rates — to take the victim to a malicious Google ReCaptcha verification page, and from there to a fake Office 365 sign-in page, where the unlucky are relieved of their credentials, and then redirected to another fake page, purporting to be Sophos, to add extra legitimacy to the enterprise.

Whether its Office 365, your bank, email or other accounts, you should always go directly to that site yourself and then log in. Never use links that were sent to you or show on other pages when going to important accounts. Also, be sure that you have security and virus protection on all of your devices, they may give you advance warning of these types of phishing scams. The cyber thieves aren’t going to ever stop getting more and more sophisticated with their hacks and you must stay vigilant to protect what’s yours!