A popular trend we're seeing today among Office 365 clients are phishing emails requesting the user to click on a provided link and input their email credentials.
These emails come with a number of red flags that make it relatively easy to identify.
Take a look at this example below.
- Hard to tell here, but the sender's domain is not from a Microsoft domain. All alerts coming from Microsoft will be coming from an @email.microsoftonline.com email address.
- All alerts from Microsoft will include detail's on what this email is in regards to within the subject line. Note that here is also a typo here in the subject, which can generally be considered another red flag.
- N/A - was marked as incorrect branding at the time, but Microsoft 365 is a used brand as of 8/7/2017. However, keep in mind that incorrect branding is another red flag.
- They are trying to scare you. That first line is to entice you to click on the provided link below before thinking too heavily about the legitimacy of this email.
- They are attempting to get you to sign in here. The link would bring you to a false sign in page - where your credentials are likely logged and stolen.
- Hovering over the provided link will show you that it directs you to a non-Microsoft web page.
- The privacy and legal information on the bottom of this email is in text. Microsoft will always provide links that direct you to the appropriate information on their site.
With those red flags in mind - take a look at one example of a legitimate email from Microsoft.
There is an important thing to notice here. While this alert email has a similar message as the fake alert, it has specific account information and gives a reason for the trial being deleted (expired trial), rather than just saying the account is suspended or deleted with no explanation.
These examples do not always appear exactly as they look above, but the red flags to look for generally remain the same.
Rule of thumb - if it is not directly from us or Microsoft, bring it to someons's attention before going further.