{"id":23264,"date":"2024-09-11T22:26:04","date_gmt":"2024-09-11T18:26:04","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/honest-phishing-alert\/23264\/"},"modified":"2024-09-11T22:26:10","modified_gmt":"2024-09-11T18:26:10","slug":"honest-phishing-alert","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/honest-phishing-alert\/23264\/","title":{"rendered":"Honest phishing: the alert is fake, the attack is real"},"content":{"rendered":"<p>What would prompt someone to sign in to their work email account on the spot? That\u2019s right, a warning about a hack. The first impulse of a responsible employee who receives such a security alert is to find out what happened, change their password, and maybe even notify others who may have been affected. But that knee-jerk reaction is in fact a reason NOT to act immediately, but rather take a deep breath and triple-check everything. Here\u2019s why.<\/p>\n<h2>Phishing email<\/h2>\n<p>\nThe email that kicks off this phishing attack we recently encountered pretends to be a notification from Office 365, and it does a pretty good job.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/09\/11222500\/honest-phishing-alert-letter.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/09\/11222500\/honest-phishing-alert-letter.jpg\" alt=\"Fake notification from Office 365.\" width=\"770\" height=\"711\" class=\"aligncenter size-full wp-image-52138\"><\/a><\/p>\n<p>Sure, perfect it ain\u2019t: the Microsoft logo is too big and looks odd without the company name; notifications of this kind usually have the Office 365 logo; and the alert itself is a bit muddled. 
In the second line, for example, it mentions that someone created a \u201cforwarding\/redirect rule\u201d, but the \u201cDetails\u201d line specifies that this alert was triggered because someone gained \u201caccess to read your user\u2019s email\u201d. These details will stand out to the user who gets a lot of Office 365 notifications \u2013 but most users don\u2019t.<\/p>\n<p>What should really catch even the untrained eye is the sender\u2019s address. Genuine Office 365 notifications signed \u201cThe Office 365 Team\u201d come from, yes, Microsoft\u2019s email servers, not from an administrator on an unrelated domain.<\/p>\n<p>The \u201cSeverity\u201d line also looks odd: \u201cInformational\u201d notifications usually don\u2019t require any user action.<\/p>\n<h2>DIY redirect<\/h2>\n<p>\nConcerned recipients scared into clicking the \u201cView alert details\u201d link are taken to a page that mimics a broken redirect.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/09\/11222527\/honest-phishing-alert-redirect.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/09\/11222527\/honest-phishing-alert-redirect.jpg\" alt=\"A page that mimics a broken redirect\" width=\"782\" height=\"536\" class=\"aligncenter size-full wp-image-52140\"><\/a><\/p>\n<p>In fact, a cursory check of the browser address bar, or even the name of the tab, clearly shows that this page is hosted in the Google Docs cloud. To be precise, it\u2019s a single-slide presentation with a link. The purpose behind it is that the initial phishing email contains only a link to docs.google.com, which has a positive reputation in the eyes of most anti-phishing engines. 
Recipients are invited to follow the link because automating a redirect from a presentation slide is simply impossible, and the attackers need some way to lure them to the phishing site; the victim is asked to walk into the trap themselves.<\/p>\n<p>These are all clear signs of phishing that you need to watch out for every time you follow a link in a corporate email. The finale isn\u2019t hard to guess: a simple page for harvesting Office 365 credentials. The address gives it away, of course.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/09\/11222555\/honest-phishing-alert-login-2.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/09\/11222555\/honest-phishing-alert-login-2.jpg\" alt=\"A page for harvesting Office 365 credentials\" width=\"858\" height=\"889\" class=\"aligncenter size-full wp-image-52139\"><\/a><\/p>\n<h2>How to protect employees from phishing<\/h2>\n<p>\nWe recommend regular training for employees in the art of spotting the latest cybercriminal tricks (for example, by showing them our posts dedicated to <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/signs-of-phishing\/\" target=\"_blank\" rel=\"noopener nofollow\">signs of phishing<\/a>). 
It\u2019s even better to use a <a href=\"https:\/\/k-asap.com\/en\/?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">dedicated platform<\/a> to raise cybersecurity awareness throughout the company.<\/p>\n<p>And to make extra sure, provide corporate users with multi-layered anti-phishing protection capable of both filtering out bulk emails at the <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/mail-server?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksms___\" target=\"_blank\" rel=\"noopener nofollow\">mail gateway<\/a> level and blocking redirects to dangerous web pages using <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solutions<\/a> on a workstation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An Office 365 security alert as bait in a phishing 
email.<\/p>\n","protected":false},"author":2598,"featured_media":23266,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917],"tags":[2659],"class_list":{"0":"post-23264","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-signs-of-phishing"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/honest-phishing-alert\/23264\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/honest-phishing-alert\/27978\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/honest-phishing-alert\/28153\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/honest-phishing-alert\/38222\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/honest-phishing-alert\/52137\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/honest-phishing-alert\/37208\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/honest-phishing-alert\/28278\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/honest-phishing-alert\/34085\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/honest-phishing-alert\/33740\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/signs-of-phishing\/","name":"signs of 
phishing"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=23264"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23264\/revisions"}],"predecessor-version":[{"id":23265,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23264\/revisions\/23265"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/23266"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=23264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=23264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=23264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}