How to Recognise an Office 365 Phishing Attack
A new email phishing scam has recently been arriving in many peoples’ inboxes. It impersonates Microsoft Office 365, attempting to steal your login credentials and therefore access your personal emails and data.
The attack consists of a simple HTML email stating that the recipients’ account ‘failed to connect and returned (5) incoming emails.’ Recipients are then asked to click on ‘Recover Messages’ to access their emails.
If the link is clicked, the user is taken to a convincing replica of the Microsoft Office 365 login portal. Upon entering their password, the user is told that it is incorrect and to enter it again. The second time, the page states the account is ‘verified’ and they’re redirected to the legitimate Microsoft account sign-in page.
Cybercriminals often exploit large global companies such as Microsoft in their scams, because their reputations lead victims into a false sense of security, making them more likely to fill in their details. This also makes them more difficult to spot. Therefore, making use of robust email security systems is now essential in protecting private and critical business data.