Phishing Emails and How to Handle Them
I’m sure many of you have seen and/or even received an email that looked very similar to the above example. And, I am sure, many of you clicked the link and attempted to enter your Microsoft 365 credentials so you could view the document. Then, maybe the same day, maybe even a week or longer later, you start getting emails from customers and peers asking if the email they got with a link to a document is legit and whether it was actually sent by you. What happened was that you had been PHISHED!
Phishing scams are messages intended to steal personal and financial information by pretending to be from trusted sources, like banks, vendors, or even internal departments. These messages often look real enough to trick people into sharing sensitive data or downloading harmful files. The above-referenced email tricks you into sharing your Microsoft 365 credentials and then those credentials are used to hijack your MS365 account to send out other unauthorized emails. I am going to quickly give you some steps to take to protect against phishing emails. Most of this applies to Microsoft 365 but can be adjusted for most email accounts. (Note: These are general best practices. Make sure to follow your organization’s phishing and spam email guidelines.)
- Immediately reset the user’s password. Do not send this via email or IM.
- If it is not already enabled, turn on multifactor authentication (MFA, also called 2FA).
- Check for the presence of and remove any suspicious forwarding rules on the account.
- Check for the presence of and remove any suspicious inbox rules on the account from the web version of the email client.
- Sign the user out of all sessions.
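The rule and session cleanup steps above, as an added PowerShell example (not from the original post) for Microsoft 365 admins using the Exchange Online and Microsoft Graph modules. The user address and the organization domain are placeholders; the script lists what it finds first and only removes anything once you set `$Remove` to `$true` after reviewing the output.

```powershell
# Added example (not from the original post): audit and clean up a
# compromised Microsoft 365 mailbox with Exchange Online and Graph PowerShell.
# Placeholders (assumptions): the phished user's UPN and your own domain.
$User           = "user@example.com"   # placeholder: the phished account
$InternalDomain = "example.com"        # placeholder: your organization's domain
$Remove         = $false               # set to $true after reviewing the output

Connect-ExchangeOnline -ShowBanner:$false
Connect-MgGraph -Scopes "User.RevokeSessions.All" -NoWelcome

# 1. Mailbox-level forwarding (set by an admin or in Outlook on the web settings)
$mbx = Get-Mailbox -Identity $User
$mbx | Select-Object ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
if ($Remove -and ($mbx.ForwardingAddress -or $mbx.ForwardingSmtpAddress)) {
    Set-Mailbox -Identity $User -ForwardingAddress $null -ForwardingSmtpAddress $null `
        -DeliverToMailboxAndForward $false
}

# 2. Inbox rules: flag rules that forward or redirect mail outside the org,
#    or that delete messages (often used to hide replies from the real owner).
#    Matching the string form of each target against the domain is a heuristic;
#    review the list rather than trusting it blindly.
$suspicious = Get-InboxRule -Mailbox $User | Where-Object {
    $targets  = @($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo)
    $external = $targets | Where-Object { $_ -and ("$_" -notmatch [regex]::Escape($InternalDomain)) }
    $_.DeleteMessage -or $external
}
$suspicious | Select-Object Name, Enabled, ForwardTo, RedirectTo, DeleteMessage, Description
if ($Remove) {
    $suspicious | ForEach-Object { Remove-InboxRule -Mailbox $User -Identity $_.Identity -Confirm:$false }
}

# 3. Sign the user out everywhere (invalidates refresh tokens; run after the password reset)
if ($Remove) { Revoke-MgUserSignInSession -UserId $User | Out-Null }
```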
These steps should free up the account and get it back to normal status. It is also a good idea to export a CSV file of every email address the unauthorized email was sent to, and to warn those recipients that their own accounts may be compromised as well if they clicked any links in the unauthorized email.
Don’t get too discouraged if you have been tricked by one of these emails. Most times these emails come from a legitimate sender’s account, and the hackers are getting better and better at making the emails look legit, so it is easier than ever to be fooled by them. We have decided that if we get an email with a link to a shared document, we are going to follow up with an email to the sender to validate the legitimacy of the email. Good luck in the continued battle against the hackers! Feel free to reach out with any questions or comments – ttooley@bloss-dillard.com.