Published 21 August 2018
In this Article, I'd like to make people aware of the basic rules of thumb to prevent them falling into a very real and costly trap. Phishing scams are easy to fall for so this article is worth a read. Be vigilant.
Latest phishing scam – what to look out for
There’s been a spate of emails doing the rounds claiming to be from Microsoft trying to get users to verify their office 365 accounts.
What is phishing?
When a user attempts to enter their personal details, they are often found to be unable to log in to what they think is their Office 365 account using their username and password.
At this point, they give up trying and usually forget about it.
How can a phishing scam hurt me?
What they are often blissfully unaware of is that their user details are now captured and stored in someone else’s database.
And that someone, usually a criminal, can now access their email account and potentially do a whole list of activities including:
- Learning about you, who you are, who you communicate with
- Communicating on your behalf (often deleting the sent item)
- Making requests (often ones to pay people who you are unaware of)
- Resetting/accessing other services to make purchases on your behalf
Can you see how potentially damaging this can be?
Many of us have all seen the emails, which have done the rounds, requesting payments to be made to bogus suppliers.
It’s easy to assume that (being unaware of) a director of a company’s email account was (previously) hacked using the methods described above, that a subsequent email from the director to make a payment to someone would appear quite legit?
It’s even easier for the criminals if they actually send the email from the users account having learned a bit about the aforementioned director by simply reading his email communications.
What do I need to know about phishing scams?
Microsoft does not send out emails to its users of the Office 365 email service requesting username/password validation.
The only email you should expect from Microsoft is the one telling you about filtered emails by way of its daily SPAM digest.
That’s it, nothing more.
How to avoid a phishing scam?
Please ignore any emails from Microsoft, and any email from any other source requesting username and password verification.
If in doubt, ask either your line manager or our technical people at Apograph LTD.
We are here to help and keep you running smoothly. It’s in our interests.