Beware of Phishing Scams Targeting Employees Using Microsoft 365

Phishing attempts, especially COVID-related malicious activities, rose globally according to CSA’s research. One of the most recent phishing scams that allegedly target employees is the impersonation of Microsoft Office 365 emails.

The phishing emails are addressed to all employees working in their targeted organisation. It contains concealed messages of automated SharePoint notifications in an attempt to steal their information or accounts. The message is short and prompt, and suspiciously uses the company or organisation’s name multiple times within the content of the email, together with an embedded link that would redirect to a submission form where victims are asked to input their credentials. This malicious scam could potentially hurt the entire company if just one employee was tricked by the phishing email. Their credentials could further compromise the company’s system, and their personal information could also be used for identity fraud.

Protect yourself and your company from such phishing scams with these best practices:

• Do not open suspicious emails or links from pop-up windows. Your email inbox most likely filters spam or junk messages, but some can still go through. Delete any suspicious email immediately. Never click on a link from suspicious emails or pop-up window ads. If you want to ensure the company’s legitimacy or offer, type in the official website’s address or use the official links provided.


• Keep your details secure. Treat your personal information with the utmost care and don’t answer random surveys anywhere. Scammers can use all the information you provide for their malicious intent.


• Be alert in spotting fake emails. Always check the email content for any grammatical or spelling errors or overly official or forced language. You should also verify the legitimacy of the organisation used in the emails. The scammers usually fail to double-check their content, so it’s reasonably easy to spot any mistakes or differences to official email communications from the company. However, some scam emails will have fewer errors, so to be safe do not click links if you’re not sure about the email.


• Update your device’s OS. Ensure that all your devices’ operating systems are up to date, and those security settings are in place.


• Choose passwords carefully. Create a complicated password choice and use multi-factor authentication whenever you sign up for an account.

Ensure that you keep these best practices in mind so you can avoid these scams. If you or anyone you know got scammed, Singaporeans can report here.