Phishing Attacks

Microsoft 365 email is very secure, and Microsoft works tirelessly to stop hackers. At Databais we also work hard to keep hackers from bothering you by using SPF, DKIM and DMARC. The sad truth, however, is that criminals are working just as hard at finding ways around all the security we have in place. It is therefore also your responsibility to be vigilant about email security, because the only way the hackers can really get access is if you give them the power by filling in your details when a phishing email asks you to.

A phishing email is an email that appears legitimate but is actually an attempt to get your personal information or steal your money.

A phishing email could be an email that promises a reward: “Click on this link to get your tax refund!” It could be a document that appears to come from a friend, bank, or other reputable organization such as Microsoft. The message could be something like “Your document is hosted by an online storage provider and you need to enter your email address and password to open it.” It could also be an invoice from an online retailer or supplier for a purchase or order that you did not make. The attachment could appear to be a protected or locked document that you can only open by entering your email address and password. It could even be an email from Microsoft telling you that your mailbox is full, or that they have implemented an update, and that you need to enter your email address and password.

The entire point of the phishing email is to get you to enter your email address and password, which is something you must never do.

What these scammers are after is the person in charge of finance. Once they have access to a mailbox, they change the rules in the mailbox and monitor it until they find the finance person of the business. That person then gets a special rule under which mail sent by the scammer from the hacked mailbox is marked as read and placed in a hidden folder. The scammers then try to make that person pay them money via various means. It has worked many times before, as the finance person will be receiving mail from a known and trusted contact within their organization.
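For whoever administers the mailboxes, the rule described above is something you can look for. The following is an added example, not Databais or Microsoft code: it scans a list of inbox rules and flags any that mark mail as read while filing it out of sight. The field names follow the output of Exchange Online's `Get-InboxRule`; the sample rules, the `example.com` domain and the list of rarely viewed folders are assumptions made for illustration.

```python
# Added example: triage exported inbox rules for the "mark as read and hide" pattern.
# Field names follow Exchange Online Get-InboxRule output; all data below is constructed.

# Assumption: folders a user rarely opens, listed here for illustration only.
RARELY_VIEWED = {"rss feeds", "rss subscriptions", "conversation history",
                 "archive", "junk email", "deleted items"}

def folder_leaf(path):
    """Last component of a folder path such as 'mailbox:\\RSS Feeds', lower-cased."""
    if not path:
        return ""
    return path.replace("/", "\\").rstrip("\\").split("\\")[-1].strip().lower()

def rule_reasons(rule, org_domain):
    """Return the reasons a single rule looks like a mail-hiding rule."""
    leaf = folder_leaf(rule.get("MoveToFolder"))
    leaves_inbox = bool(rule.get("DeleteMessage")) or (leaf != "" and leaf != "inbox")
    if not rule.get("Enabled", True) or not leaves_inbox:
        return []
    reasons = []
    if rule.get("MarkAsRead"):
        reasons.append("marks mail as read while removing it from the Inbox")
    if leaf in RARELY_VIEWED:
        reasons.append("files mail in a rarely viewed folder: " + leaf)
    suffix = "@" + org_domain.lower()
    if any(addr.lower().endswith(suffix) for addr in rule.get("From") or []):
        reasons.append("applies to mail from an internal sender")
    return reasons

def flag_rules(rules, org_domain, threshold=2):
    """Map rule name -> reasons for every rule with at least `threshold` reasons."""
    flagged = {}
    for rule in rules:
        reasons = rule_reasons(rule, org_domain)
        if len(reasons) >= threshold:
            flagged[rule.get("Name", "<unnamed>")] = reasons
    return flagged

SAMPLE_RULES = [  # constructed sample, not real mailbox data
    {"Name": "Newsletters", "Enabled": True, "From": ["news@vendor.example"],
     "MarkAsRead": False, "MoveToFolder": "mailbox:\\Newsletters", "DeleteMessage": False},
    {"Name": "Project mail", "Enabled": True, "From": ["colleague@example.com"],
     "MarkAsRead": False, "MoveToFolder": "mailbox:\\Projects", "DeleteMessage": False},
    {"Name": ".", "Enabled": True, "From": ["colleague@example.com"],
     "MarkAsRead": True, "MoveToFolder": "mailbox:\\RSS Feeds", "DeleteMessage": False},
]

if __name__ == "__main__":
    for name, reasons in flag_rules(SAMPLE_RULES, "example.com").items():
        print(f"review rule {name!r}: " + "; ".join(reasons))
```

A flagged rule is a prompt to ask the mailbox owner whether they created it, not proof of compromise, since ordinary filing rules can share some of these traits.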

What you need to remember with email security is that Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to provide technical support to fix your computer. Any communication with Microsoft has to be initiated by you. Any email that you receive that asks you to enter your email address and password should be marked as spam and the sender blocked. To do this, highlight the message, click on: message > spam email > mark as junk / block sender.

It is that simple to keep secure. Never enter your email address and password anywhere if asked to do so.
