Office 365 users are being targeted in a convincing looking phishing attack. 

Phishing attacks, a common tactic used by cyber criminals to try to trick you into giving them your information, are nothing new.  In fact, it’s likely if your company has already been targeted by phishing (and if you haven’t been, it’s a matter of when – not if) and it’s getting harder and harder to spot the malicious emails. 

The following Office 365 phishing attack is a perfect example.  The email appears to be an automated alert email from Microsoft updates saying the user’s Office 365 account will be terminated and asks them to sign in to his/her account.  While the email does look realistic, there are some major red flags.  Let’s take a look.

  1. The user knows for a fact the account is active.  In fact, the email was sent to that active account.
  2. The From address was not from a Microsoft domain. Alerts from Microsoft will come from an @email.microsoftonline.com email. It actually came from an email address of another legitimate company, who were likely victims of a phishing attack or some sort of hack themselves.
  3. Always be wary of urgent requests.  Anytime there is an urgent request from Microsoft, your credit card companies, etc., it is usually not real. (NOTE: If there is a number to call in the email, don’t call it.  Attackers are becoming so clever the telephone number may be to the criminal and not to Microsoft (or the credit card company)).
  4. Check out where the hyperlink takes you.  If you are comfortable, you can copy the hyperlink (in this case Visit Here) in the body of the email, paste in a web browser and see the location.  In the case for this particular attack, the hyperlink points to the following which you know cannot be Microsoft:
  5. Look for Privacy and Legal Links.  In this case there are no privacy and legal links.  Other times they may be text – not actual links. Real Microsoft emails will actually link to the legal information on their site.

 

If you are EVER in doubt, feel free to call the Altitude Unlimited Help Desk at 201-847-9151 or send an email to helpdesk@altitudeunltd.com.  Please share with your employees, friends, family and business partners.  Thank you!