Microsoft 365 Phishing Examples

Microsoft 365 Phishing Examples

[UPDATED: 4/6/2022]

The bad guys have been targeting Microsoft 365 users lately with multiple phishing attacks. Below is a sample of what to be on the lookout for. I would recommend sending this article to your employees to improve security awareness.

Red flags

  • From” email address inside the < > is not a Microsoft address. Even if it does show a Microsoft address it could be spoofed.
  • It’s addressed to a generic person such as “Client” and not the recipient by name.
  • It doesn’t look polished as you would expect an email from Microsoft to be.
  • Sent with High Importance.
  • It contains an attachment. Microsoft will never send you an email with an attachment.
  • Involves a threat of data loss or loss of access.
  • English may not be proper.
  • If you move your mouse on top of a link in the email without clicking in Outlook it will show where the link really goes (to the attacker’s web site).

I have highlighted these red flags in the samples below.

Sample Microsoft 365 Phishing Emails


 

 


 

 











-Tim

Office 365 Security