While phishing scams are commonplace and savvy web users generally know what to look out for, for many there's still that 'double-take' moment when a speculative scam email resonates.
This morning one landed in my Inbox and, whilst rudimentary in its appearance compared with more carefully designed phishing scam emails, the approach of this one is subtle enough to make it worthy of a quick mention.
So here's the email:
As you can see, the domain name used is NOT an official Microsoft one, despite a weak attempt at including the word 'Office'.
What happens when you click on it?
Don't bother finding out! Clicking it will most likely notify the scammer that stage 1 of their attempt to steal your info was successful, and lead you to a website that looks like a reasonably genuine Office365 page, where it will ask you to log in to 'restore your access' or suchlike.
Even if you don't, you'll have already flagged yourself as a potential target, opening yourself up to more attempts in future.
Here's how to deal with it.
Report it to Microsoft by either creating a blank email to firstname.lastname@example.org and sending the phishing email to them as an attachment, or by using the tools available in either Microsoft Outlook or Outlook on the web, as detailed here.