Microsoft 365 Phishing Examples

Microsoft 365 Phishing Examples

Office 365 Security

[UPDATED: 4/6/2022]

The bad guys have been targeting Microsoft 365 users lately with multiple phishing attacks. Below is a sample of what to be on the lookout for. I would recommend sending this article to your employees to improve security awareness.

Red flags

  • From” email address inside the < > is not a Microsoft address. Even if it does show a Microsoft address it could be spoofed.
  • It’s addressed to a generic person such as “Client” and not the recipient by name.
  • It doesn’t look polished as you would expect an email from Microsoft to be.
  • Sent with High Importance.
  • It contains an attachment. Microsoft will never send you an email with an attachment.
  • Involves a threat of data loss or loss of access.
  • English may not be proper.
  • If you move your mouse on top of a link in the email without clicking in Outlook it will show where the link really goes (to the attacker’s web site).

I have highlighted these red flags in the samples below.

Sample Microsoft 365 Phishing Emails






You’re Infected. You just don’t know it yet.

You’re Infected. You just don’t know it yet.


7/10/2013 – Update #1: Click here for more information on SEP SBE 2013 Cloud

7/11/2013 – Update #2: Click here for the technical details 

If you or an employee has received an email attachment, clicked on a link, or surfed the web in the past few months there is a good chance that you have an infected computer on your network. A new version of a nasty piece of malware is spreading like wildfire. Now researches have just uncovered that it is not just one malware package, but two working as a team. Did I mention it spreads via USB drives and network shares too?

[quote]The antivirus software you have probably does not detect the infection. If it does, the removal process does not work even when it reports success. [/quote]

The antivirus software you have probably does not detect the infection. If it does, the removal process does not work even when it reports success. The malware hides on your system and downloads more malware, keyloggers, pop-up generators, botnet clients, or whatever onto your computer.  

But I have the latest antivirus software. I’m fine..right??

Look in the lower right hand corner of your PC next to the clock (system tray). Does your antivirus icon look like any of the icons below? If Yes, you are vulnerable.


McAfee, Microsoft Security Essentials, Kaspersky, AVG, Avast, Norton, Symantec Endpoint Protection 12 or earlier, Trendmicro, etc. do not detect it. Specialized tools such as Malwarebytes and combofix also do not remove it (or even detect it depending on version).

How do I protect myself?

While we normally do not push any single product we have had great results with Symantec Endpoint Protection Small Business Edition 2013. It is cloud based and it is only $2.50/month per PC. Since we have installed it our clients using it have gone to zero infections from anything. If you would like more information on purchasing or installing this product or have a general question about malware please contact us.