Below are two emails alleging to be Office365 informing the recipient of undelivered messages.  Can you spot which one is the phishing scam?

If you guessed that Email 1 is the phishing scam, you are correct! 

In a new phishing scam targeting Office365 users, hackers are attempting to steal login credentials to infiltrate business’ systems. When the user clicks “Send Again”, it takes users to a fraudulent Office365 login screen. After the information is entered, the site redirects to outlook, leaving the user believing they are in no danger.

This is an example of a high-level phishing scam. 

Quick Ways to Identify Phishing Scams

1. Always look at the URL

If the URL looks in any way incorrect, don’t enter your account information.

If redirected in this case, the URL on the fraudulent landing page is incorrect.

2. Specificity

Phishing scams will generally omit specific names, addresses, or titles and use phrases like “Dear User”

In this case, the email says “Your messages couldn’t be delivered” rather than “Your message to email@address.com couldn’t be delivered.”

3. Display Name

Make sure that the display name matches the URL from the email.

In the fraudulent email, the address is sent from the URL us.ibm.com, rather than as from Microsoft Outlook. 

What can you do?

“Education and vigilance are the best line of defense against these types of attacks,” said Steve Condit, Director of Partner Development for ITonDemand. Keeping you and your staff informed on what to look for is the most effective way to stay secure. 

If you have fallen victim to this scam, the best course of action is to make sure you change the affected passwords as well as any accounts or applications that may have been connected to the affected email address. 

If you still have concerns on how to keep your business secure, contact us here.

Other Articles You Might Be Interested In: