We are seeing increasing numbers of emails asking for staff to reset their email passwords or login to Office365 for another reason. These are phishing emails designed to steal account details. They usually direct you to a fake Microsoft page where it asks you to login. Once you do your username and password will have been stolen! If you get any similar emails or suspect they are phishing emails there are a few steps you can take to check if they are fake –
- Check the sender address. These are often nothing to do with Microsoft or your company, but can look similar. For example, micr0soft0nline .com or yourccompanynname .com etc
- Hover (don’t click) your mouse over the link in the email it asks you to follow. You should see the full web access that the link refers to. This is often not a legitimate website address or may again look similar to Microsoft but be subtly different.
- Look at the language or format of the email. Often, but not always, the English is poor or the format of the email looks wrong.
- Are you expecting the email? is it unusual? If so, call your IT team to check if it is legitimate or not. If in any double delete it.
If you do fall for one of these phishing emails don’t worry it can happen to anyone. But you need to tell you IT department as soon as possible and reset your password immediately.
If you are concerned about IT security and want to discuss how Greystone can help