“Phishing” emails are trying to get you to click on a link and enter your username and password. They may use this approach to steal your credentials for a bank, a credit card, or an online account. Some are better than others, but there are some things to look out for.
I received this phishing email this morning trying to steal my Office 365 logon. Ironically, Office 365 delivered this directly to my Inbox, without flagging it as suspicious. This one is a good example of a not-very-good phishing email:
And when you hover the mouse over the Confirm Now button (without clicking):
In summary, when evaluating whether an email is legitimate:
- Check the From address.
- Check for proper grammar, spelling, spacing, and punctuation. Microsoft will not ask you to “update within 12hours to avoid being deactivate.”
- Hover over buttons or links, without clicking, to see where the link would take you.
- Step back and do a “sanity check.” Is there any possibility that your Office 365 account is out of date? You could always log in to your Office 365 portal directly to check.
Not all phishing emails are so poorly constructed. Stay alert. If you need help evaluating an email, contact us.