From: Microsoft Office 365 Team [noreply@cloud.baddogwebdesign.com]
Date: 16 November 2016 at 10:58
Subject: Office 365 Tax Refund Service
Office 365 Microsoft
Office 365 Tax Refund Service.
–
–
CONFIGURE TODAY
Thanks for using Office 365. We are delighted to present our new service associated with HM Revenue & Customs. To continue processing your tax refund please configure your bank account.
It's easy to configure your bank account:
1 –
Sign in to your account.
1 –
Configure your bank account.
1 –
You are eligible to receive a tax refund of £537.25 GBP
Thanks for subscribing to Office 365. We hope to continue serving you.
–
– Helpful resources
How to reactivate your Office 365 subscription
Already renewed? Verify your subscription here
What happens to my data and access when my subscription expires?
Get help and support for Office 365
–
–
This is a mandatory service communication. To set your contact preferences for other communications, visit the Promotional Communications Manager.
This message was sent from an unmonitored e-mail address. Please do not reply to this message.
Privacy | Legal
–
–
Microsoft Office
One Microsoft Way
The link in the email leads to updatemicrosoftonline.com on 89.248.168.13 (Quasi Networks LTD, Seychelles). Despite the email and the domain name it leads to an HMRC-themed phishing page..
This multi-phish page has twelve UK banks set up on it:
- Barclays
- Halifax
- HSBC
- Lloyds Bank
- NatWest
- Royal Bank of Scotland
- Santander
- TSB
- Metro Bank
- Clydesdale Bank
- The Co-Operative Bank
- Tesco Bank
Once you have entered all the information, the process appears to fail and you are directed to a genuine HMRC site instead.
A list of sites found in 89.248.168.0/24 can be found here [pastebin]. I suggest that the entire network range looks questionable and should be blocked.