Getting emails from Microsoft? What’s real, and what’s “phishy”?

Due to the prevalence of Microsoft Office365 being leveraged by businesses as their corporate email platform, bad actors will often “spoof” emails that appear to be from Microsoft but in fact, are not. Microsoft has resisted directly emailing users of Office365 so as to not be confused with the volume of fake emails that appeared to be coming from them – until now.

It was recently announced that Microsoft will be emailing product tips and tricks of the Office365 platform directly to users. They have assured the community that “…we will not send your users sales, marketing, or advertising messages.”

However, now that legitimate emails will be sent with tips and tricks to users, it’s only a matter of time before bad actors alter their game and send malicious emails that have the look and feel of the legitimate emails to conduct their dirty business. For those that have attended our Cybersecurity Awareness Training sessions, this is an example of “Clone Phishing” as was discussed.

Therefore, use a Healthy Dose of Skepticism and be wary of any emails that look like they may be from Microsoft to be sure they are – hover over links to be sure they guide you back to Microsoft-affiliated sites, make sure it’s on an HTTPS page, and never provide user names, passwords, or other personal information if prompted to do so.

Keep Calm – Compute On!