Office 365 Credential Theft

Microsoft Office 365 Users at Risk

This attack tries to steal your Microsoft® Office 365® (O365) login credentials so that criminals can access anything you have stored in O365. This could include your email, OneDrive files, and anything you’ve put in the cloud. An attacker sends a fraudulent email that contains links to an authentic-looking (but fake) O365 login page designed to steal your credentials.


What do I look for?

This is one example of the emails. There are many variations.

  1. Evaluate Sender - Do you think this is a legitimate sender? Look for small details that seem off.
  2. Consider Context - Why would you get this email? Did you ask to close your account? At work, wouldn’t your IT team handle this, not you? If the request seems odd, use caution.
  3. Don’t Panic - Don’t legitimate emails offer a reasonable time frame to confirm account changes?
  4. Look at Links - When you hover over links, shouldn’t the URL match what you expect or what’s in the email? This link takes you to Does that sound like a real O365 login page?

How do I protect myself?

If you get an email asking you to log in to O365:

  1. Looks legitimate: Call or send an instant message to your IT team, security team, or even your boss to verify the email.
  2. Looks suspicious: Report it to the appropriate people in your company.

