Tips for Identifying Phishing Emails in Office 365

Chances are that you’ve received a phishing email in your inbox, but did you know at that time that it was fraudulent?

Phishing emails are an attempt to trick individuals into sharing personal and sensitive information, usually login credentials and sometimes financial information. The attempt typically involves a crafted email with hyperlinks to a website intentionally created to collect information from unsuspecting victims. An attacker may be sending out a generic phishing email to a large number of individuals in order to compromise unwary recipients, or he or she may be targeting you or your organization specifically known as “spear phishing” due to the focused nature of the attempt.

What's the difference between phishing and "spear phishing"? For spear phishing, the attacker will research details about you and your organization to find valid names and information about you to use such as project and organization names. The attacker may have even compromised the account of someone you do business with so they can craft emails from their account.

Here are tips on identifying phishing emails and what steps to take to protect yourself

Think Before You Click

• Always be careful before clicking on any content in an email, including links and attachments.
• Hover over the URL (or long-press on a mobile device) to double check its destination before clicking. If it doesn't match, that's a red flag.
• In some cases, a single click is all that is required for your machine to be compromised.
• Double check the sender's information: the domain name, recipient list, subject line, message, etc.

Keep an Eye on Shared Documents

• Invitations to view shared documents are a common way to get you to click. Again, double check the sender. For example, on Office 365, legitimate sharing messages will come from either msonlineservicesteam@email.microsfotonline.com, or the email of the person sharing the document.

Know Your URLs

• Never enter your Office 365 account credentials on anything other than the actual Office 365 login page. Look closely at the URL bar. Here is what it looks like:

Report Anything That Looks Phishy

• Set up the Office 365 spam filter to identify and block specific recipients. You can also report junk email and phishing scams.
• Set up Microsoft Defender so unwanted malicious emails never make their way to your inbox

If the email appears to be directly targeting your organization in some way, or you’re just not sure if it is safe, here are a few tips to follow:

• If the purported sender is someone you know, contact him or her directly to verify if he or she sent the email. Contact this person through a method other than email. If his or her email account has been compromised, an imposter can simply reply in the affirmative to any email response you send.
• Forward a copy of the email to your organization’s security team or IT help desk so they can help assess and respond to the situation.

Did You Fall For It?

• If you believe you may have fallen victim and provided your account credentials or other sensitive information through a phishing site, please report it immediately. Your support or incident response team will walk you through the steps you should take, including changing your password and looking for suspicious activity on your account.

Arm Yourself with These Tools

• Don’t reuse your Office 365 account (or any other important account) password on other sites. Multi-factor authentication on Office 365 accounts makes it harder for an attacker to access your account, but it doesn’t prevent them from using that password to access other accounts where the same password may be used. Having trouble keeping track of more than one password? You’re not alone. Use a password manager!

Attackers and hackers are getting more creative with their attack strategies. Stay prepared and always err on the side of caution.