Free Work From Home Cybersecurity Awareness Training Click Here

The past couple of weeks I have been migrating from Google GSuite to Microsoft Office 365. It was a tedious task only because I had previously had an O365 account a few years ago when I was doing some MS training. When I closed that account my domain wasn’t removed. Anyway, long story short I had to spend some time on Microsoft’s support lines and despite the time zone differences the support was very good.

So after all of that and getting my domain transferred to my new account, it was time to migrate my email, etc from GSuite to O365. Of course, that didn’t go as smoothly as planned but I eventually got it moved without losing any data. Yesterday I was working away and received an email with the subject line “NOTIFICATION Storage Issues”. I first viewed this on my phone, and after going through everything I have with the migration my first thought was “Great, what’s going on now?”

I open the message and this is what I see…

Now I’m getting suspiscious, so I jump on my computer to take a look in to this and see what is going on. Here’s what the email looks like in my email client.

You can see right away that the email did not come from Microsoft when you look at the sending email address. Now I know that it is a phishing email trying to retrieve my account user name and password. I click the link in the message to see where it takes me because I want to see how good these scammers are at creating a capture page.

The page was pretty convincing, it looked exactly like the Microsoft Sign In page….except for the address in the address bar. I did a little poking around and found that the server was being hosted in Russia.

I teach people to not click links and to pause and look at all of the key indicators of a scam, sender email addresses, link addresses, spelling and grammar mistakes, etc. Because I was on my phone and I was just coming out of the frustrating migration, I could have easily just kept going through the process of clicking the link and entering my info and then my account would have been compromised.

The moral of the story is take your time and examine messages carefully. The scammers are taking advantage of the fact that we’re all in a hurry and just click through messages we receive without having presence of mind.