Below are two emails alleging to be Office365 informing the recipient of undelivered messages. Can you spot which one is the phishing scam?
If you guessed that Email 1 is the phishing scam, you are correct!
In a new phishing scam targeting Office365 users, hackers are attempting to steal login credentials to infiltrate business’ systems. When the user clicks “Send Again”, it takes users to a fraudulent Office365 login screen. After the information is entered, the site redirects to outlook, leaving the user believing they are in no danger.
This is an example of a high-level phishing scam.
Quick Ways to Identify Phishing Scams
1. Always look at the URL
If the URL looks in any way incorrect, don’t enter your account information.
If redirected in this case, the URL on the fraudulent landing page is incorrect.
Phishing scams will generally omit specific names, addresses, or titles and use phrases like “Dear User”
In this case, the email says “Your messages couldn’t be delivered” rather than “Your message to email@example.com couldn’t be delivered.”
3. Display Name
Make sure that the display name matches the URL from the email.
In the fraudulent email, the address is sent from the URL us.ibm.com, rather than as from Microsoft Outlook.
What can you do?
“Education and vigilance are the best line of defense against these types of attacks,” said Steve Condit, Director of Partner Development for ITonDemand. Keeping you and your staff informed on what to look for is the most effective way to stay secure.
If you have fallen victim to this scam, the best course of action is to make sure you change the affected passwords as well as any accounts or applications that may have been connected to the affected email address.
If you still have concerns on how to keep your business secure, contact us here.
Download our infographic and learn how to identify a phishing scam when you see one.
Other Articles You Might Be Interested In:
Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...read more
Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.read more
Founded in 1999, ITonDemand helps businesses and associations across the US achieve growth by guiding and supporting IT infrastructure and providing cybersecurity management. ITonDemand’s Core Solution and Security+ have been recognized among both Managed Services and Cybersecurity Providers as a member of the MSP Pioneer 250 and the Top 200 MSSPs.