A Sample of a "Microsoft Office 365 Violation of Policy" Phishing Scam
From: Microsoft@outlook.messages.com <Microsoft@outlook.messages.com>
Sent: 28 April 2017 06:19
To: AGS ICT-Admin
Subject: You have violated our policy
[email address] have constantly made attempts to violate our online violation policy
We want to notify you that your email account will be disabled today
Note: If you do not know anything about this violation attempts, Please kindly cancel the unknown violation attempt process immediately before we disable your email permanently.
Click here to cancel all unknown violation attempts
If you want your email account disabled please ignore this message.
Powered by Microsoft Outlook
Once cybercriminals have gotten their potential victims’ account credentials (usernames and passwords), they will use it to hijack their Microsoft accounts and use them fraudulently. Therefore, recipients of the phishing email message (see below) who were tricked into clicking on the link within it and have attempted to sign into the phishing or fake website that they were taken, are asked to change their Microsoft account passwords immediately, before they are hijacked and used fraudulently by cybercriminals.
Microsoft users should never click on a link to sign into their accounts, they should instead, go directly to https://account.microsoft.com/ and sign-in from there. If there is something that needs to be done to their accounts, they will be notified. This is will prevent Microsoft users from visiting phishing websites disguised as legitimate Microsoft website that steals account credentials.