The latest round of fake Office 365 emails are starting to hit inboxes.

These brief emails will say your Office 365 account has an “unresolved change” and you need to sign in to continue using your account without interruption. The sign-in link will take you to a fake login page where the scammers are hoping to capture your password.

*Do not click on any unexpected links regarding your Office 365 accounts*. An easy way to spot a fake email is to look at the “from” address. Most scam emails will not take the time to mask the from address. Also, if you mouse over the “sign in” link, the address will not be related to Microsoft.

What to do if you followed a bad link
The goal with most phishing attempts is to obtain your password. If you followed a bad link and entered your password, you need to do two things. First, go to portal.office.com and change your password and then review your profile information (found in the top right corner) to check and see if any of your information has been changed.

How to reduce your vulnerability to phishing attempts.
Here are some general tips on how you can avoid this type of issue:

  • Avoid suspicious or unexpected links or email attachments. Most phishing and malware still depends on tricking a user into clicking on a link or opening up a file in an email. These will often appear to come from a trusted source, so always confirm the validity of an unexpected link or attachment from a friend, vendor, or colleague.
  • Back up your files. For ransomware, the best way to combat this problem is to wipe an infected machine and restore it from your backups. Daily backups limit your data loss to what you were working on that day.
  • Type web addresses directly into your browser. A good way to get around fake links is to just manually type in the address. The main goal with a phishing scam is to get you to a fake page through a link that looks legitimate. Typing in the link for your email or your bank is an easy and powerful way to avoid these traps.