If you read anything from us, READ THIS!!! People are having their Microsoft 365 accounts compromised at an alarming rate. It usually happens when you get an email from someone you know and trust. You click on the link they ask you to download, which eventually takes you to a webpage requesting for your Microsoft 365 credentials. The webpage looks just like the 365 login page but IT IS NOT. This would be a hacker’s web page, and if you just entered your 365 credentials, now they have your login info and everything in your email account is considered compromised.

These hackers usually then send out email from your account to people you know trying to accomplish the same thing. This attack is extremely difficult to prevent because these bad guys are using very legitimate websites to host their fake 365 login pages and the URLs are very dynamic, keeping them from easily being blocked by URL/Web security systems.

What can you do to stop this? 

  1. The #1 way to stop these compromises is to have CSI help you enable Multi-Factor Authentication on your 365 accounts.  At this point, IT security pretty much requires that all important public login accounts should be using MFA. And your Microsoft 365 accounts definitely qualify as important accounts. storing tons of personal information and documents.  
  2. Be extra cautious anytime you are prompted to enter in your Microsoft 365 credentials.  If you click on any links from an email that lead you to a web page asking for your 365 login info, assume it is likely a malicious website. Contact CSI to ask for help in identifying if an email is malicious. 
  3. Don’t assume just because an email is from someone you know and trust that you should be OK clicking on links to access a file they supposedly sent you. Pick up the phone and check with them if you aren’t certain why they are sending you this email. 

If you do realize that you just entered in your 365 credentials after clicking on links in an email that didn’t really take you to anything you needed, then contact CSI RIGHT AWAY!  We can help you confirm the legitimacy of the email. If you contact us quick enough, we may be able to reset your password before the bad guys even have a chance to compromise the account. Like we always say, we are here to help you!