There are many ways fraudsters will try to trick users into providing their Office 365 login credentials. Recently we have been seeing a lot of emails that, in one way or another, ask you to log in to your Office 365 account. A lot of effort is put towards blocking these fraudulent emails, but invariably a few will get through to you. Often, they will come from your colleagues because those colleagues got caught by the same trick. Never assume – check with the user who sent you the email.
Common tricks are:
- A document has been shared with you – you need to log on to see it.
- You are running out of email storage space – log on to add space.
- Your account is about to be deactivated.
- You have been invited to join an Office 365 Team site – you need to log in to join the Team.
In any case, there will be an attempt to get you to put in your Office 365 password.
You may receive an email similar to this:
When you click on Open/View, it will ask for your password:
This is really just a way of getting you to enter your password so that it can be harvested.
It is not just email. Sometimes it may be a phone call. Microsoft will NEVER phone you out of the blue about your Office 365, or anything else.
Below are things to watch for and some samples of the types of emails we have seen circulating. You will notice that a lot of them look legitimate.
- The “From” email address is not a Microsoft address. Even if it does show a Microsoft address, it could be spoofed.
- It’s addressed to a generic person such as “Client” and not the recipient by name.
- It doesn’t look as polished as you would expect an email from Microsoft to be.
- Sent with High Importance.
- It contains an attachment. Microsoft will never send you an email with an attachment.
- Involves a threat of data loss.
- The English may be poor.
- If you move your mouse over a link in the email in Outlook without clicking, it will show where the link really goes (to the attacker’s website).
- A valid web link in an email will show your company name in it. The example below shows a link to a document that has been shared with another colleague. If you hover your mouse over the Open button, the website address appears. It should have your company name in it if it purports to be from one of your colleagues.
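Several of the checks in this list (sender, greeting, importance, attachment, and where the link really goes) can also be run mechanically, for example when triaging a reported message. The Python below is an added example, not part of the original article; the company name `contoso`, the Microsoft domain list, the flag names and both sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for this example, not taken from the article.
COMPANY = "contoso"  # name expected in genuine sharing links
MS_DOMAINS = ("microsoft.com", "office.com")

def red_flags(msg, company=COMPANY):
    """Return the checklist items that apply to one parsed message."""
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    dom = addr.rpartition("@")[2].lower()
    is_ms = any(dom == d or dom.endswith("." + d) for d in MS_DOMAINS)
    if "microsoft" in name.lower() and not is_ms:
        flags.append("from-not-microsoft")
    if msg.get("Importance", "").lower() == "high":
        flags.append("high-importance")
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        flags.append("attachment")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    if re.search(r"\b(dear|hello|hi)\s+(client|customer|user)\b", body, re.I):
        flags.append("generic-greeting")
    # Same as hovering over a link: check the real target, not the label.
    for href in re.findall(r'href="([^"]+)"', body, re.I):
        host = (urlparse(href).hostname or "").lower()
        if company not in host:
            flags.append("link-lacks-company:" + host)
    return flags

def build(sender, greeting, url, importance="normal", attach=False):
    """Build a constructed sample message (test data, not a real email)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Document shared with you"
    m["Importance"] = importance
    m.set_content(f'<p>{greeting}</p><a href="{url}">Open</a>', subtype="html")
    if attach:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename="notice.bin")
    return m

PHISH = build("Microsoft Office 365 <support@mail-alerts.example>", "Dear Client,",
              "https://login.storage-upgrade.example/o365", "high", True)
GENUINE = build("Bob <bob@contoso.example>", "Hi Alice,",
                "https://contoso.sharepoint.com/d/1")

print(red_flags(PHISH), red_flags(GENUINE))
```

A message that raises none of these flags can still be fraudulent, since the “From” address can be spoofed, so checking with the sender remains the deciding step.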
The highlighted areas are the red flags in the samples below!
Sample Microsoft Office 365 phishing emails:
Please contact us if you have any questions: