Some Examples of Phishing Scams aimed at Microsoft users.
Over the last year, our IT support team at Right-Click has seen an increase in sophisticated phishing scams aimed at Office 365 users. Sometimes, these phishing emails are so welldisguised they can pass through spam filters completely undetected - especially when they have already hacked into another legitimate users account.
We have given some good examples of the latest scams - and example 3 was only just received today by a support team member! If in doubt, never click. And if you are a Right-Click IT support client, just call our team and we'll be happy to investigate further for you.
Example 1 (above): Watch out for the correct URL - it may have a https:// - but always check it's from Microsoft (example 1 above).
Example 2 (below) Fake Email from Office 365: Don't forget to hover over links, and check for bad spelling and fake email address.
Example 3 (below): Fake Email from Admin Support - email address is correct but hovering over the link will reveal the fake.
Example 4 (below): Fake Microsoft 365 Email Example
- The 'From' address was not from a Microsoft domain. Alerts from Microsoft a microsoftonline.com email. It actually came an email address of another legitimate company, who were likely victims of a phishing attack or some sort of hack themselves this is how these types of email get through spam filters).
- Alert emails from Microsoft will specify what they’re about in the subject line (like "Your Credit Card is About to Expire") rather than just saying it's an email notification. Notice also the typo with the full stop - an extra space. Spelling typos are normally a big red flag - especially when a legitimate company/corporation is involved.
- Scare tactics! The scammers want to get you to click and log in to the fake sign in screen before you think about things too much.
- & 5. The scammer wants to direct you to a fake login screen (as above). Not on the picture, but if you hover over the link, it doesn't direct you to Office 365 - it's a fake address and a fake site.
- The privacy and legal links are just text – there are no links. A real Microsoft email would link you to legal information on the site.