Jump to content

Possible security issue with Google result and office 365?

BvH
 Share

Hi Everyone,

 

Maybe it's nothing but I found something strange with a search result in Google that might be a security issue.

 

When I search on the following at google.com "Office 365 Login" i get the following result:

 

afbeelding.png.afd38e6a1f789c302293cea0da04c6fa.png

 

When I click on Sign In I am redirected to a Godaddy site and not Microsoft.

The URL seams to be faulty and containing a realm (h t t p s://outlook.office.com/owa/?realm=masterworksdesign.com)

 

Could this be a malicious site for harvesting accounts?

 

Link to comment
Share on other sites

Link to post
Share on other sites

Do you own the domain: masterworksdesign.com?

Because it's just redirecting you to the login for outlook for that site.

Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:

Link to comment
Share on other sites

Link to post
Share on other sites

No I do not, that's what concerns me, why does a standard result on Google contains that domain.

 

Other people I contacted reported the same result so it doesn't seem to be related to my system or network.

Link to comment
Share on other sites

Link to post
Share on other sites

Might seem gibberish but bear with me for a minute.

image.thumb.png.880010f801413b1e21ffeb2d42bfef84.png

The code just here shows that GoDaddy (GD hereon) is a portal, so we need to fact check that first.

image.png.aef48edc134f5062f2b4846d0ccc6a18.png

Upon checking the link, it is actually a GD link, not some rando website built with a GD domain.

But what does GD have to do with Microsoft? Surely Microsoft can host their own domains, why is GD in the picture?

Turns out, we can actually purchase Microsoft 365 through GD. And what Google thinks is that we've purchased 365 through GD, in which case, we can only login to Office through GD. This is partly Google's fault and it checks out when you try the same search in alternative search engines.

Ex:

image.png.4a53da1b001b1cbc5f27e738e9457fd0.png

 

And you can also fact-check the "need to sign in through GD" part in the other engine too.

ex:

image.png.d25f9251af6b7c2253cfd59138bb4c1e.png

Notice how it's almost like there is a separate Microsoft Office 365 environment in GD, that's because the people who bought office in the GD site (pic below), can only login through that.

image.thumb.png.06aabddded15a1a76955ddcdc709d1d9.png

(final pic i promise lol)

 

So yeah, Google's fault, and our not knowing that Office can be bought through GD results in a VERY malicious, scammy, sketchy looking website link lol.

Hope you understood lmao, let me know if you have questions!

PLEASE TAG ME SO I CAN SEE YOUR REPLY!

CPU: AMD Ryzen 7 3700x  | Motherboard: Asus TUF X570 Plus | RAM: Crucial Ballistix 8gbx2 3600Mhz | GPU: Asus TUF RTX 3080 | PSU: NZXT C850 | Case: Corsair 5000D AF | Cooler: NZXT Kraken Z63 280mm | SSD: Samsung 970 EVO 500Gb m.2 ssd + Samsung 860 EVO 1tb ssd | Monitor: LG 49WL95C-W | Peripherals: Logitech G815 + Razer Viper Ultimate + Razer Kraken TE | Audio: Logitech G560 

Link to comment
Share on other sites

Link to post
Share on other sites

Thank you for the explanation, I am glad to hear it is not a scam.😃

 

But why the masterworksdesign.com domain as realm in the underlying url while the results are displayed as a part of the office.com domain?

 

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, BvH said:

Thank you for the explanation, I am glad to hear it is not a scam.😃

 

But why the masterworksdesign.com domain as realm in the underlying url while the results are displayed as a part of the office.com domain?

 

What I think is happening is that, Google in all it's glory, thinks we might be that domain mentioned above, and hence, thinks we want to sign in as masterworksdesign into Microsoft 365, and maybe that domain owner bouth Office through GD, so yeahhh, Google f-ed up. lol.

PLEASE TAG ME SO I CAN SEE YOUR REPLY!

CPU: AMD Ryzen 7 3700x  | Motherboard: Asus TUF X570 Plus | RAM: Crucial Ballistix 8gbx2 3600Mhz | GPU: Asus TUF RTX 3080 | PSU: NZXT C850 | Case: Corsair 5000D AF | Cooler: NZXT Kraken Z63 280mm | SSD: Samsung 970 EVO 500Gb m.2 ssd + Samsung 860 EVO 1tb ssd | Monitor: LG 49WL95C-W | Peripherals: Logitech G815 + Razer Viper Ultimate + Razer Kraken TE | Audio: Logitech G560 

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×