Instructions to help you avoid email scams
This help document is intended to show you how scammers use fake Microsoft sign-in websites to trick you into giving up your email password. If you have a short attention span or don’t have time to absorb this much information, then please just remember one single thing: Don’t ever enter your work email password into any website whose address doesn’t begin with https://login.microsoftonline.com
Note: These instructions are for email services hosted by Microsoft 365. Gmail and other services would differ.
The address can include more after that, but it MUST begin with https://login.microsoftonline.com
It doesn’t matter how convincing the website design or Microsoft logo is. The ONLY thing that matters is that the address begins with https://login.microsoftonline.com. It is the single most important thing you can know to help protect yourself from being scammed.
99% of scam emails are designed to fool you into making this one critical mistake. Don’t get fooled!
Even the multi-factor authentication (MFA) which is an added layer of security won’t protect you if you provide the verification code to a scam website, which is anything that doesn’t begin with https://login.microsoftonline.com
And don’t just assume everything in an email is safe because it came from someone you know. “Someone you know” is exactly who most of the scam emails come from. After they’ve been fooled into giving up their password, the scam email goes out to everyone they know – including you.
The legit Microsoft login website address will look similar to the one pictured below. Most important of all: the address.
But unfortunately, it does get a little more complicated. Microsoft apps like Outlook, Teams, OneDrive, Word and Excel can also prompt you for logins so those apps can connect to Microsoft cloud based services. In that case, you’ll get a smaller login box without any address at all. All the examples below are legitimate and came from a variety of legitimate Microsoft apps. Notice there’s no address bar at the top – because these login boxes are being generated by the Microsoft apps.
Bottom line: If you have any doubt stop and reach out to us so we can confirm.
Below is an email recently received from a legitimate contact who had been scammed into giving up their own password. Unfortunately, this scam succeeded in convincing one of our customers to give up their password. On closer inspection, you can see how it would have been easy to get fooled — if you weren’t looking in the right places.
On first glance, the email looks somewhat convincing. It came from someone familiar to the recipient. It had the recipient’s name in the body of the email. The wording is suspicious, as is the case in many scam emails. But without reading it closely, that might not stand out. The “review” PDF file opens to a third-party site which should have been the first big red flag. But you’d have to look at the website address to realize that. When it then opens to a (fake) Microsoft login page, that should have set off major alarms. A logical first question would be: Why do I have to sign into my email account to open this PDF file that I didn’t even ask for to begin with? And here’s where our earlier most important thing to remember could have saved the day. The address of the (fake) Microsoft login page was obviously not legitimate Microsoft. Not even close. ALWAYS check the address of any website before you start typing your email password. Almost always, it will be clearly evident whether it’s legit Microsoft or some fake phishing scam site trying to steal your password. STOP before you TYPE.
The first leg of the scam takes you to a website posing as legit storage for an Adobe PDF file you’re asked to review.
From there you’re taken to the fake Microsoft login page. This is where you can save yourself by simply looking at the address at the top of the page. If you rush on past and start entering your info, you’re well on your way to being scammed. If you enter your email password and authentication code, you’re fully scammed.