Office 365 users are being targeted with a phishing attack claiming that your password has expired.
The email appears to be an automated alert from “Microsoft Outlook” asking you to sign in to a fake Office 365 site and renew your password, or else risk being locked out of your account.
There are some major red flags that give this phish away:
- The sender’s real address is not a Microsoft address. A real Office 365 email notification would come from MicrosoftOffice365@email.office.com
- Threatening to block your account is meant to scare you into clicking before you have a chance to think about it.
- When you hover over the link in the email, it shows that it will not take you to a Microsoft.com or office.com domain. This is your biggest and most important red flag. Always check the URL before you log in to any site, and avoid clicking on links in emails you weren’t expecting.
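
The sender and link checks above can also be done mechanically. The following is an added example, not part of the original alert: the function names and the sample message are constructed for illustration, and the trusted-domain list is an assumption taken from the two domains named above.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the two domains the alert names as legitimate.
TRUSTED = ("microsoft.com", "office.com")

def in_trusted_domain(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def red_flags(raw_email):
    """Return the sender and link red flags found in a raw HTML email."""
    msg = message_from_string(raw_email)
    flags = []
    # Check the real address, not the display name shown in the mail client.
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not in_trusted_domain(sender_host):
        flags.append(f"sender domain {sender_host!r} is not Microsoft")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        # .hostname is the host the browser connects to; any "user@" part is dropped.
        host = urlsplit(href).hostname
        if not in_trusted_domain(host):
            flags.append(f"link goes to {host!r}")
    return flags

# Constructed sample message (reserved .example domains, not a real campaign).
SAMPLE = """From: "Microsoft Outlook" <alerts@mail-notify.example>
Subject: Your password has expired
Content-Type: text/html

<p>Renew now or your account will be blocked.</p>
<a href="https://office.com.renew-login.example/signin">Sign in to Office 365</a>
<a href="https://login.microsoft.com@renew-login.example/">Renew password</a>
"""

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

Both sample links contain a Microsoft name but resolve to a different host, which is why the check compares the end of the hostname rather than searching the URL for "office.com". A From address can be forged, so a message that passes the sender check is not thereby proven genuine.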