Understanding What is Phishing?
Phishing is a type of cyberattack where criminals attempt to steal your sensitive information, like passwords, financial data, or personal details. They often impersonate trustworthy entities to trick you into taking actions that compromise your security.
These attacks can appear in various forms, including emails, text messages, social media direct messages, and even in-game communications. Cybercriminals exploit these avenues because they're effective at deceiving individuals into divulging private information.
Recognizing Key Red Flags of Phishing Attempts
Knowing what to look for is your strongest defense against phishing.
Be wary of urgent calls to action or threats. Phishers create a sense of urgency, urging you to act immediately to claim a reward or avoid a penalty. Always pause and verify the legitimacy of the message before reacting.
Scrutinize the sender. Be cautious of first-time senders, infrequent communications, or messages marked as 'External.' Take extra care when receiving messages from unfamiliar sources.
Watch out for spelling and grammatical errors. Reputable organizations invest in professional content. Errors can be a sign of a fraudulent message, sometimes resulting from translation issues.
Beware of generic greetings. A legitimate organization will likely know your name and tailor their communications accordingly. Generic greetings such as “Dear Sir/Madam” are warning signs.
Examine the email domain. Verify the email address matches the sender's claimed identity. Look closely for subtle misspellings or alterations in the domain name, e.g., micros0ft.com instead of microsoft.com.
Pay attention to Outlook security warnings. If Outlook displays a banner indicating it cannot verify the sender, exercise caution. This suggests potential issues with the email's authentication.
Never click suspicious links or open unexpected attachments. Instead, hover over links to reveal the true destination. On Android, long-press the link to view the full address; on iOS, use a 'light, long-press.'
If feeling pressured, hang up and independently verify the contact information.
Protect Steps to Yourself from Phishing
If you suspect a phishing attempt, write down as many details as possible, including any information you might have shared, such as usernames, passwords, or account numbers, and where the attack happened, be it Teams or Outlook.
Immediately change your passwords on all affected accounts and consider using unique, strong passwords for each account. Enable multifactor authentication (MFA) wherever possible.
If the attack impacts work or school accounts, notify your IT support staff. Contact relevant financial institutions if you shared credit card or bank details. Report any loss of funds or identity theft to local law enforcement.
In Outlook and Outlook.com, mark suspicious messages and report them as 'Report phishing.'
In Microsoft Teams, report suspicious messages. Select 'More options > More actions > Report this message' and select 'Security risk - Spam, phishing, malicious content.'
For email clients other than Outlook, include the phishing message as an attachment in a new email to your security provider.
On suspicious websites in Microsoft Edge, use 'Settings and More (…) > Help and feedback > Report unsafe site.'
For additional information, see securing your devices and accounts and how malware can infect your computer.
“Awareness and vigilance are your best defenses against phishing attacks.
Security Expert
Interactive Resources
Explore these interactive features for enhanced protection
Phishing Quiz
Test your phishing knowledge with our interactive quiz.
Phishing Simulation
Simulate a real-world phishing attempt.
Administrator For s and IT Professionals
Be aware of phishing attempts targeting your Teams users. Take action to educate your users on common phishing tactics and strategies.
If you have a Microsoft 365 subscription with Advanced Threat Protection, consider enabling ATP Anti-phishing to protect your users.