Specific MS365 Phishing Email

Last week several of our clients who use Microsoft 365 received the same, very particular phishing email from the same sender - vanessa@alfosomoraleslaw.com. Of course our advice was to immediately delete it. The red flags are the usual: urgency, poor grammar; this one didn't even bother to get the Microsoft logo right. I haven't included the original link here for obvious reasons but when I hovered over it the destination was quite clearly not Microsoft. It was mostly nonsense, but it did include the name of some kind of agency based in Singapore.  

What I found interesting about this one is that Alfonso Morales Law seems to be a real company that actually does exist in California. It seems that poor Vanessa may have had her MS365 account details stolen, probably from another phishing email scam. And thus this email becomes a cautionary tale. I tried going to their website this morning and my browser tells me it's not secure. I hate to think what this law firm is currently dealing with. Another timely reminder for all of us about the importance of keeping our MS365 login credentials safe, and never clicking links in emails unless we're 100% completely sure they're safe (including QR codes, which are also links).

Remember, Microsoft in particular will absolutely not send you emails asking that you log in to your MS365 account, even if the link brings up a separate username and password window that looks familiar. Your password will not expire, your email address will not expire, and you don't need to scan a QR code any time except at initial set up. 

The only legitimate email I have seen from Microsoft relating to MS365 is for personal users who renew their licenses themselves annually. Occasionally one of our safety-conscious personal clients ask us about them (which I welcome). And what I recommend is applicable here - even if you're very confident that an email from Microsoft is legitimate, don't use the link. Just log in to your Microsoft 365 account online at office.com and find the licensing page that way. It's the same with emails from IRD etc etc. If in doubt, chuck it out (or email us to ask as many of our clients did last week).