Don’t Take The Phishing Bait

One of the problems with email phishing is that the senders are getting sneakier. They choose a well know company, ones that most of us use, and send the email looking as close to legitimate as possible.

noun: phishing

  1. the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

At Reliance, we’ve had a number of clients get tricked into revealing their Office 365 credentials via phishing emails. This has resulted in their accounts being used to send out additional phishing or spam emails in their name. Additionally, changes were made to their Outlook profiles in an attempt to hide their activities. The only way to fix this was to change the password to the account and revert any changes made.

Best practice is to never click on a link in an email that is looking to get you to enter your user name and password. Instead, go to the company’s website by entering the website name in a web browser and then login from their login page.

Some things to look for when you receive an email asking you to click on an account link:

  • Spelling errors
  • Grammatical errors
  • Strange characters
  • Hover your mouse over any links and verify the URL they are pointing to
  • Most times this will not match the company it’s supposed to be representing

The example below is an actual email that I received attempting to lure me into giving up my account login credentials. Notice the popped up bubble with the URL. We know the Office 365 site is at “”, yet this link was pointing to “www.taglieforti-italia.x and not anything Microsoft. A clear indication that this is not a legitimate email.

Unfortunately this extra vigilance is required when checking your emails.  Discuss these types of emails with your team and have a back up plan in place in case it is needed. Being aware is the first step in avoiding becoming a victim of a phishing scam.

Speak Your Mind