Security | May 10, 2019
Microsoft Payment Scam
I received this email this morning, extra sneaky...
They are sending the phish email through an internal microsoft domain .onmicrosoft.com (which is created when Office 365 Email is first setup).
This internal domain is automatically white-listed by Microsoft and it is allowed to come through!
These emails may not go to spam folder and may come to your inbox still.
This is something Microsoft are very aware of, but still haven't got a solution for it yet.
- Check the from address (it will not be microsoft.com)
- Hover over the address it is trying to get you to click on (address may look like microsoft - read carefully and don't click)
- Delete the email
This example uses a mixture of fake website addresses and real ones (at the bottom) to make it look more realistic and entice you into clicking on it, so please be careful.
If you are not sure, send the email to us and we can detonate for you and sus out if it is legit.