This is a scam
Recently I received a phishing email of exactly the type that we've been warning our clients about and taking measures to protect them from - the kind of phishing email that businesses are being subjected to more and more often. Scammers have realised that the security of Microsoft 365 and SharePoint is top notch, so the easiest way to get hold of valuable company data that can be held for ransom, is to trick users into giving them access with an official log-in.
How do we know it's a scam?
The above email contains many of the classic scam characteristics:
- Bad spelling
- Incorrect logo
- Urgency and threats
- Asking for sensitive information
The main point to remember is that Microsoft will never, ever send an email asking you to enter your login details. They know about scams.
What are we doing to protect our clients?
We recommend and set up multi-factor authentication for our clients so that when they log in to SharePoint, they must also enter a constantly changing code from the authenticator app on their phone to gain access. So even if they were to accidentally provide their login details to a scammer, the scammer would hit a wall at that step.
The major way that the scammers make their money from accessing a company's data in recent times has been to cut off access to the data and then try to hold it for ransom. So we use AvePoint BackUp to comprehensively and regularly back up data for our clients.
We're always happy to provide online security training for businesses. This can be provided as part of the initial SharePoint training or at any point.