Scam Alert - Office 365 Password Theft


There has been an increase of phishing emails to our customers pretending to be from Office 365. These scams are designed to trick users into sending their usernames and passwords to untrusted sources. Cyber thieves can use your email account to conduct fraudulent activities and steal funds from your business.

How this Office 365 scam works:

1. A user will receive an impersonated Office 365 email notification. The email instructs you to login to your account for an urgent matter by clicking on one of their hyperlinks. For example, the email might say you are running out of storage, need to review quarantined emails or about to get your account shut down.

2. When you click on the email hyperlink, you will be directed to a spoofed Office 365 web portal. These sites usually have the same look and feel of the Office 365 login page but use an incorrect web address. The visitors will enter their username and password into the portal. This information will get sent to the cyber thieves and you will get a message that you entered the incorrect login information. Afterward, you will get redirected to a legitimate Office 365 portal and presumably be able to login into your account successfully.

3. The cyberthieves will take control of your mailbox and spy on your activities. They'll also set up customized rules to delete their emails before you can notice them and send phishing emails to your contacts.

4. The thieves can pretend to be you and demand your accounting department or bank to wire funds to their account. If the bank calls you to follow up and your voicemails are sent to your email account, the thieves can call back to confirm. Soon enough, your accounting department will discover the company was swindled out of tens or even hundreds of thousands of dollars.

What should you do?

If you receive any email notices claiming to be from Office 365, cross check the request by going directly to the Office 365 portal to log in.

Make sure the email and hyperlink URLs matches up to If the email address lists a foreign domain extension, such as .it or .ru, that would be a sign of a phishing email. Also, hover your mouse over the hyperlinks to see the destination URL in the pop-up.

Use email and web filtering software. If you are not already using these programs, SwiftTech has these programs available in our security packages.

Use long and complex Office 365 passwords. These passwords should be changed every three months and not used for other services.

Provide employee cybersecurity training on spotting phishing emails and ensuring they don't give login information to hackers. SwiftTech can assist with setting up these programs.

Follow up on unexpected email requests for private information and wiring large sums of money. For example, if an accounting employee receives an email from the CEO to wire $50,000 to an account, he or she will need to confirm by phone or in person.

Use multi-factor authentication methods for your Office 365 and financial accounts. Usually, this consists of receiving a one time code by phone or text message whenever signing in to an account. Banks also offer to send these codes either through their mobile application or their security token device.

Contact us (This email address is being protected from spambots. You need JavaScript enabled to view it. or 877-794-3811) if you notice any suspicious emails.

If you believe you are the victim of wire fraud, contact your bank right away. You can see if they can reverse the wire transfer and put a freeze on any remaining funds.


At SwiftTech, our team works hard at providing many layers of security on our clients' email accounts. We will continue to use best-practice security measures and improve on them over time. However, no methods are 100% foolproof. Please make sure to review this issue with your employees so they can protect your business from these type of scams.


Contact us at 877-794-3811 or [email protected] for Professional IT Support

get in touch