Beware of Phishing Scams Targeting Employees Using Microsoft 365
There have been more than 25,000 cases of phishing scams officially reported through Scamwatch this year. With four out of 10 workers shifting to the work-from-home scheme due to the rising COVID-19 cases, scammers often target these employees using various types of sophisticated phishing scams.
One of the most recent phishing scams that allegedly target employees is the impersonation of Microsoft Office 365 emails. The phishing emails are addressed to all employees working in their targeted organisation. The email contains concealed messages of automated SharePoint notifications in an attempt to steal their information or accounts. The message is short and prompt, and suspiciously uses the company or organisation’s name multiple times within the content of the email, together with an embedded link that would redirect to a submission form where victims are asked to input their credentials. This malicious scam could potentially hurt the entire company if just one employee was tricked by the phishing email . Their credentials could further compromise the company’s system, and their personal information could also be used for identity fraud.
Protect yourself and your company from such phishing scams with these best practices:
- Do not open suspicious emails or links from pop-up windows. Your email inbox most likely filters spam or junk messages, but some can still go through. Delete any suspicious email immediately. Never click on a link from suspicious emails or pop-up window ads. If you want to ensure the company’s legitimacy or offer, type in the official website’s address or use the official links provided.
- Keep your details secure. Treat your personal information with the utmost care and don’t answer random surveys anywhere. Scammers can use all the information you provide for their malicious intent.
- Be alert in spotting fake emails. Always check the email content for any grammatical or spelling errors or overly official or forced language. You should also verify the legitimacy of the organisation used in the emails. The scammers usually fail to double-check their content, so it’s reasonably easy to spot any mistakes or differences to official email communications from the company. However, some scam emails will have fewer errors, so to be safe do not click links if you’re not sure about the email.
- Update your device’s OS. Ensure that all your devices’ operating systems are up to date, and those security settings are in place.
- Choose passwords carefully. Create a complicated password choice and use multi-factor authentication whenever you sign up for an account.
Ensure that you keep these best practices in mind so you can avoid phishing and other scams. If you or anyone you know got scammed, you can report it to Scamwatch.
