Online Threat Alerts (OTA) - Alerting you to scams and frauds.

Microsoft 365 Scam - How to Protect Yourself
Microsoft 365 Scam - How to Protect Yourself

Microsoft 365 scams often involve phishing emails that mimic authentic document-sharing or subscription renewal notifications. Scammers trick users into handing over their access tokens or entering device codes on fake login pages. To protect your account, never click on unverified links or enter login codes sent via unsolicited emails.

Common Microsoft 365 Scams

  • Device Code Hijacking (Kali365): The FBI has issued warnings regarding the "Kali365" scam. Attackers send fake emails appearing to come from cloud productivity services that provide a device code, directing you to input it on a genuine Microsoft page to access a "document." Entering this code grants hackers persistent access to your account.
  • Fake Subscription Renewals: Fraudsters send emails claiming your Microsoft 365 subscription is expiring or that an unauthorized charge has been applied, prompting you to call a fake support number or click a fraudulent payment link.
  • Account Compromise: Hackers use these scams to access your Outlook, Teams, and OneDrive to steal sensitive information and launch further attacks.

How to Verify and Protect Yourself

  • Check the Sender: Microsoft emails regarding your account should end in @accountprotection.microsoft.com.
  • Do Not Enter Unsolicited Codes: If an email or text provides a code for you to enter on a Microsoft portal, do not do it unless you actively initiated the login process.
  • Verify Directly: Do not use links in unexpected emails. Instead, navigate directly to your Microsoft Account to check your active subscriptions and security alerts.

If You've Been Scammed

  1. Report the Fraud: If you have interacted with a scammer or lost funds, use the official Microsoft Fraud Reporting tool to flag the activity.
  2. Contact Authorities: Report the incident to the FBI’s Internet Crime Complaint Center.
  3. Secure Your Account: Change your password immediately and review your active sessions and connected devices in your security settings.
waiting