5/17/2023 – Please view our updated article

 

---

The bad guys have been targeting Microsoft 365 users lately with multiple phishing attacks. Below is a sample of what to be on the lookout for. I would recommend sending this article to your employees to improve security awareness.

Red flags

• “From” email address inside the < > is not a Microsoft address. Even if it does show a Microsoft address it could be spoofed.
• It’s addressed to a generic person such as “Client” and not the recipient by name.
• It doesn’t look polished as you would expect an email from Microsoft to be.
• Sent with High Importance.
• It contains an attachment. Microsoft will never send you an email with an attachment.
• Involves a threat of data loss or loss of access.
• English may not be proper.
• If you move your mouse on top of a link in the email without clicking in Outlook it will show where the link really goes (to the attacker’s web site).

I have highlighted these red flags in the samples below.

Sample Microsoft 365 Phishing Emails

---

 

 

---

 

 

---

---

---

---

---

---

---

---

---

---

-Tim