Be wary of emails sent from an email account ending with microsoftonline.com. Cybercriminals have developed a way to tamper with Office 365 and send phishing emails that appear to come from a legitimate Microsoft email account. However, these are bogus fake emails designed to trick innocent victims. Thousands of people are being robbed of money and/or their Microsoft account credentials due to these phishing emails. 

The email may state that you successfully purchased an expensive service or software. It may also include a phone number to call if the purchase was an error. However, the victim (email recipient) never authorized or made the purchase with Microsoft, so the email immediately elicits panic. When the victim calls the listed phone number to “cancel” the purchase, the scammer who answers the call asks the victim to provide their credit card number so a refund can be issued. The victim unknowingly shares their credit card number with the scammer, which the scammer later uses to steal hundreds or even thousands of dollars from the victim.

Another tactic taken by these criminals may involve “verifying your email account”. The cybercriminals will send a similar email (as shown above) that includes a link for verifying your Microsoft account details. When the victim clicks on the link, he or she is taken to a fake webpage that mimics the Microsoft login page. The victim enters their credentials, and the fake webpage steals the victim’s Microsoft account information. 

Be vigilant when receiving emails that appear to be from Microsoft. Never call the phone number listed on these emails, and do not click on any links within the emails. Instead, go directly to the Microsoft official website then log into your account. Go to the payments section and check for recent transactions. If you choose to call Microsoft customer service, locate the appropriate phone number listed on the official website.