Mobile App You're mobile and so is your bank. Get the app

You are now leaving EmpriseBank.com

You are now leaving the Emprise Bank website. Linked web pages are not under the control of Emprise Bank, its affiliates or subsidiaries. Be aware the privacy policy of the site to which you are going may differ from that of Emprise Bank. Emprise Bank provides external links as a convenience and is not responsible for the content or security of any linked web page.

Click “OK” to continue or “CANCEL” to stay on the Emprise Bank website.

Office 365 Phishing Scam

Timing is crucial when dealing with information security. It is important that you act fast if you ever feel that you have been a target of a phishing campaign and may have provided a username or email to a malicious website. The following content will demonstrate some of the red flags that were identified from a real phishing email and spoofed Office 365 login page.

Ideally, these red flags would have been noticed and the phishing campaign would not have been successful. However, even though this victim may have fallen for the phishing email, their quick actions prevented a possible breach.

After entering an email and password into the spoofed login page, they realized their mistake and quickly changed their password. Within 10 minutes, failed login attempts to their account were being reported. If the victim had delayed changing their password, the attackers behind this phishing campaign would have had access to all that person’s emails.

Here is an example of the email that was initially received, notifying them that their mailbox was almost full and required action.

In this example, the email was timed perfectly as this person was already conscious of their mailbox size and was intending to clear out old emails.

This email has a couple of red flags that should stand out:

After clicking the blue button, a browser window opened up with what appeared to be the Office 365 login page. This login page perfectly spoofed the legitimate Office 365 login page, right down to the crawling dots that appear after entering an email address.

The above screenshot is an actual phishing page trying to collect emails and passwords. This page has two red flags that you should look out for when entering emails and passwords into login pages.

Remember: Act fast if you ever feel that you have been a target of a phishing campaign!