Cybersecurityoffice 365 password theft

There has been an increase in phishing emails to our customers pretending to be from Microsoft 365. These scams are designed to trick users into sending their usernames and passwords to untrusted sources. Cyber thieves can use your email account to conduct fraudulent activities and steal funds from your business.

How do Microsoft 365 email scams work?

  1. A user will receive an impersonated Microsoft 365 email notification. The email instructs you to log in to your account for an urgent matter by clicking on one of their hyperlinks. For example, the email might say you are running out of storage, need to review quarantined emails, or are about to get your account shut down.
  2. When you click on the email hyperlink, you will be directed to a spoofed Microsoft 365 web portal. These sites usually have the same look and feel as the Microsoft 365 login page but use an incorrect web address. The visitors will enter their username and password into the portal. This information will get sent to the cyber thieves and you will get a message that you entered the incorrect login information. Afterward, you will get redirected to a legitimate Microsoft 365 portal and presumably be able to login into your account successfully.
  3. Cyber thieves will take control of your mailbox and spy on your activities. They’ll also set up customized rules to delete their emails before you can notice them and send phishing emails to your contacts.
  4. The thieves can pretend to be you and demand your accounting department or bank wire funds to their account. If the bank calls you to follow up and your voicemails are sent to your email account, the thieves can call back to confirm. Soon enough, your accounting department will discover the company was swindled out of tens or even hundreds of thousands of dollars.

How can you protect yourself against Microsoft 365 email scams?

  • If you receive any email notices claiming to be from Microsoft 365, cross-check the request by going directly to the Microsoft 365 portal to log in.
  • Make sure the email and hyperlink URLs match up to If the email address lists a foreign domain extension, such as .it or .ru, that would be a sign of a phishing email. Also, hover your mouse over the hyperlinks to see the destination URL in the pop-up.
  • Use email and web filtering software. If you are not already using these programs, SwiftTech has these programs available in our security packages.
  • Use long and complex Microsoft 365 passwords. These passwords should be changed every three months and not used for other services.
  • Provide employee cybersecurity training on spotting phishing emails and ensuring they don’t give login information to hackers. SwiftTech can assist with setting up these programs.
  • Follow up on unexpected email requests for private information and wiring large sums of money. For example, if an accounting employee receives an email from the CEO to wire $50,000 to an account, he or she will need to confirm by phone or in person.
  • Use multi-factor authentication methods for your Microsoft and financial accounts. Usually, this consists of receiving a one-time code by phone or text message whenever signing in to an account. Banks also offer to send these codes either through their mobile application or their security token device.
  • Contact us ( or 877-794-3811) if you notice any suspicious emails.
  • If you believe you are the victim of wire fraud, contact your bank right away. You can see if they can reverse the wire transfer and put a freeze on any remaining funds.

At SwiftTech, our team works hard at providing many layers of security on our clients’ email accounts. We will continue to use best-practice security measures and improve on them over time. However, no methods are 100% foolproof. Please make sure to review this issue with your employees so they can protect your business from these types of scams.