Email Phishing

ALERT: Phishers Are Hard At Work With Bogus Microsoft Emails

One of our very good clients received an email, supposedly from Microsoft:

Regular readers of our blog would quickly see that this email is bogus. By hovering your mouse over the button (that’s hover—not click!), you can see the actual URL the button is linked to. No surprise here—the link is not to Microsoft.

Notice the provocative subject line: “Regain your inbox access”. This is a phishing ploy to elicit high emotion and get you to click the link without thinking. Another clue is to look at the email address of the sender—again, in this case, it is not coming from Microsoft.

The funny thing is, as I was writing this post, I received a phishing email supposedly from OneDrive, another Microsoft product. This one has a “View Fax Message” button. Again, the URL the button is linked to is not Microsoft.

This email doesn’t even show a recipient address. Once again, I hovered my mouse over the button and the destination URL is clearly not Microsoft. As in the previous example, the sender’s email address has nothing to do with Microsoft either.

My Advice:

  1. Look at all unexpected emails very carefully even if they appear to be coming from a trusted brand.
  2. Investigate links within emails by hovering your mouse over them to see where they actually go, making sure you do not inadvertently click on them.
  3. NEVER open any attachments in an email, especially if you were not expecting them.
  4. If you think an email is from a legitimate source, go directly to the company’s official website (never through a link in an email) or call their official, published number and inquire.
  5. Make sure everyone in your office follows this advice. Remember, a devastating malware and/or ransomware attack is only a click away.
  6. Ensure that your backups are working and that the backups you do have are viable so you can quickly recover from a ransomware attack.

Don’t become a victim—think before you click!

XSolutions is a Managed Services Provider (MSP) located in Rockland County, NY and has been serving New York, New Jersey and Connecticut businesses since 1999. XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutionsCall (845) 362-9675 for a free consultation.