If you receive an alert from Microsoft that looks legit and is a Security Alert, It might just be a phishing email looking to steal your credentials.
The alert does look legit. It is a Microsoft Security Alert. It will claim there is an issue with your account and will prompt you with a link to view more details. It will sound urgent to make you feel like it is an emergency and that you really need to check out the alert, NOW.
Here is the problem with using the normal “hover over the link” detection. It uses true platforms such as Google Docs to look legit. That way, at first glance, it looks safe. However, when you click that link, you are prompted with a Microsoft login page. It is not real!
What to Look For
- As always, misspelled words or an unusual address that it came from.
- Urgent sounding and telling you your account will be locked out.
- QR codes for you to scan.
- Wanting your credentials or 2FA code.
- Vague “TO” language such as “Dear Customer” or “Dear User.”
What to Do
- Do not click on that link! Think about it first, even thought the email is urgent.
- Report it to your system administrator and to [email protected].
- Make sure you are using strong AV software.
- NEVER EVER share via an email, your data such as passwords, credit cards (the email could ask you to update your information or your account will be locker) Log yourself into the site via going to the web browser and entering in the correct URL of the company, in this case, microsoft.com, to verify any claims.
As always, please feel free to reach out to us if you have any thoughts on this.
Stay Safe Out There!