Threat Database Phishing Office 365 Password Reset Request Scam

Office 365 Password Reset Request Scam

Scam emails labeled as an 'Office 365 Password Reset Request' are a type of phishing designed to trick recipients into handing over Microsoft 365 credentials. They look like legitimate password-reset help, but are entirely fake. These messages are not associated with Microsoft, Microsoft 365, or any legitimate service provider — they are criminal attempts to harvest logins for fraud, identity theft, network compromise, and malware distribution.

What The Scam Looks Like

Attackers send emails that impersonate Microsoft 365 password-reset notices. A commonly observed subject line is 'UNRESOLVED REMITTANCE' (the exact wording may vary). The body pretends to offer steps to reset your Microsoft account password and usually includes a link to a sign-in page that visually mimics the official Microsoft 365 login screen. That fake page is a data-capture form: whatever you type goes straight to the scammers.

How The Fake Site And Credential Collection Work

The fake webpage is deliberately styled to look authentic so users will type their username and password. Once entered, credentials are recorded and transmitted to the attackers. With those credentials, the criminals can log in to the real account, change settings, read or forward emails, and access any service tied to that account (cloud storage, corporate resources, financial services, social media, etc.).

The Real Harms — Beyond A Single Login Being Stolen

Compromised Microsoft 365 accounts are attractive because they often provide access to corporate resources. Consequences include:

  • lateral movement inside company networks (leading to malware — trojans, ransomware — being deployed),
  • data theft and exposure of confidential files,
  • account takeover for financial fraud, donation/loan requests using your identity, and
  • further spread of phishing or malware by sending malicious emails from a trusted address.

Warning Signs To Watch For

  • Unexpected or vague subject lines like 'UNRESOLVED REMITTANCE' or similar wording.
  • Urgent language that pressures you to click a link or reset now.
  • Sender address or reply-to that does not match official Microsoft domains.
  • Links that go to non-Microsoft domains (hover to inspect).
  • Login pages with small visual inconsistencies — misspellings, odd fonts, or URLs that don't match login.microsoft.com.
  • Attachments or links to unfamiliar files or compressed archives.

What To Do If You Entered Credentials Or Suspect Compromise

Change the password on the affected Microsoft 365 account right away and on any accounts that used the same password.

Contact official support for the service(s) involved (use phone/website you know is legitimate) and inform them of the compromise; enable multi-factor authentication (MFA) if not already active.

How Spam Campaigns Deliver Malware

Spam isn't just credential theft — it's also a common malware vector. Campaigns attach or link to malicious files (RAR/ZIP archives, EXE, RUN), Office documents that require enabling macros, OneNote files with embedded links, JavaScript files, PDFs, and similar. Some files execute immediately when opened; others require the user to enable content or click embedded links to start the infection chain.

Final Words

These 'Office 365 Password Reset Request' emails are fraudulent and are not associated with Microsoft, Microsoft 365, or any legitimate service provider. If you receive one, do not click links or enter credentials; treat it as a security incident and follow the immediate-action steps above.

System Messages

The following system messages may be associated with Office 365 Password Reset Request Scam:

Subject: UNRESOLVED REMITTANCE

Office 365 Password Reset Request

We're assisting you with resetting your Office 365 password.

To reset your password, please follow these steps:

1. Go to the Click on "Forgot my password" and enter your username.
2. Follow the prompts to reset your password.

If you need help, contact our support team.

Best regards,

Trending

Most Viewed

Loading...