Rise in Microsoft Office 365 Phishing Attacks
In the last two weeks, we have seen a big increase in Microsofts Phishing attacks. This is an email purporting to be from Microsoft, prompting you to login into your account. If you attempt to login, the attackers immediately have your email and password, giving them access to your account.
Examples of this are:
In both these cases, you can clearly see the "From" address is not a genuine Microsoft address.
Clicking the links on these emails will take you to a login page looking almost identical to Microsoft's login page.
Always check the address bay when you are logging into any website. If there is any doubt whatsoever, directly type the address of the website into your browser prior to logging in.
What if you already logged in?
If you are 365 Customer managed by us, get in touch ASAP. If you are self-managed or this is for another service, ensure you change your password immediately. You must consider this password known and never use it for any other services, and change any other services that use this password.