Office 365 users are being targeted in a convincing looking phishing attack.
- The user knows for a fact the account is active. In fact, the email was sent to that active account.
- The From address was not from a Microsoft domain. Alerts from Microsoft will come from an @email.microsoftonline.com email. It actually came from an email address of another legitimate company, who were likely victims of a phishing attack or some sort of hack themselves.
- Always be wary of urgent requests. Anytime there is an urgent request from Microsoft, your credit card companies, etc., it is usually not real. (NOTE: If there is a number to call in the email, don’t call it. Attackers are becoming so clever the telephone number may be to the criminal and not to Microsoft (or the credit card company)).
- Check out where the hyperlink takes you. If you are comfortable, you can copy the hyperlink (in this case Visit Here) in the body of the email, paste in a web browser and see the location. In the case for this particular attack, the hyperlink points to the following which you know cannot be Microsoft:
- Look for Privacy and Legal Links. In this case there are no privacy and legal links. Other times they may be text – not actual links. Real Microsoft emails will actually link to the legal information on their site.
If you are EVER in doubt, feel free to call the Altitude Unlimited Help Desk at 201-847-9151 or send an email to firstname.lastname@example.org. Please share with your employees, friends, family and business partners. Thank you!