Skip to Main Content

Phishing attempt: Microsoft 365 account verification

Published

Phishing attempt: Microsoft 365 account verification

Published

The Information Security Office would like to caution the Miami community about a new phishing attempt that was sent to many Miami users over the weekend.

Some users have received an email stating that they have “two separate logins” to Office 365, and that they need to verify their account, lest they lose it. The email has a link to a Google Form where they are asked to input their username and password. The email appears to urge recipients to react quickly so that they don’t lose access to any accounts.

This is a scam. Miami will never ask for your password for any reason, especially via email, text messaging, or over the phone.

Here is the text of the email:

Your Office 365 account looks to have two separate logins with portals from two distinct colleges.
We expect you to strictly adhere to and resolve it in order to prevent termination within 24 hours.
If this request was made accidentally and you have no knowledge of it Copy and paste the URL Below into the address bar of your web browser to cancel the request
[Redacted Google Form link]
Important: In the form, please enter your email password where indicated.
<ADP> Please Note : ADP means Type your PASSWORD
Please note: This is a one-time submission, and only one entry is allowed.
Failure to Verify will result in the close of your account.

Notably, the subject line of this email is often a variation of “Administrator has started the process,” with the goal of instilling a sense of urgency in the reader.

This is a scam. Please do not click any links in this message or provide current passwords to outside parties. To reiterate: Miami will never ask for your password for any reason, especially via email, text messaging, or over the phone.

Remember: If you receive an email that looks suspicious, it’s better to be safe than sorry - forward the message to InfoSec@MiamiOH.edu, and the information security team will tell you whether it’s legitimate or a fraud.

Tagged:
IT Services Phish Bowl Security Awareness