Recently, we discovered hackers are signing up with Microsoft Office 365 and creating a publicly available form to trick users into providing their email and passwords. They are sending out emails that look like legitimate Office 365 encrypted emails and the "Read the Message" link is going to a valid office.com website, BUT it is not a link to the Office 365 encryption portal.
This is relevant for everyone, even if you do not have Office 365 as your email provider.
Your employees are more than likely already receiving legitimate emails from vendors or customers who utilize Office 365 email encryption. They may be accustomed to seeing Office 365 email encryption messages, so it will benefit them to know the difference between the legitimate Office 365 encryption message and the fake Office 365 Forms website, which is just there to capture your email and password.
If you receive a "secure email" notice and are sent directly to a website https://forms.microsoft.com, DO NOT enter your credentials.
See below for examples.
Original Email Received:
You are then sent to:
You should be sent to one of the following pages, with the option to choose a "one time passcode":
As a Microsoft Certified Parter and a Full-Suite IT firm, we can help with all of your business technology needs.
Contact us today for a free technology consultation.