Security Guide
Phishing awareness guide
Phishing remains one of the most common ways businesses lose access to accounts, expose sensitive information, and trigger broader security incidents. This guide covers the most important warning signs and response steps.
Common signs of phishing
- Unexpected urgency or pressure to act immediately
- Requests to verify passwords, MFA codes, or payment details
- Lookalike domains, misspelled sender names, or strange reply-to addresses
- Unexpected attachments or links
- Messages that create fear, panic, or false deadlines
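The sender-related signs above (lookalike domains and strange reply-to addresses) can also be checked automatically on a reported message. The following is an added example, not part of the original guide; the trusted-domain list, the similarity threshold, and the sample messages are assumptions constructed for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your organisation really receives mail from.
TRUSTED_DOMAINS = {"contoso.example", "payroll-vendor.example"}

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def lookalike_of(domain, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Return the trusted domain that `domain` closely resembles, or None."""
    if not domain or domain in trusted:
        return None
    for good in sorted(trusted):
        if difflib.SequenceMatcher(None, domain, good).ratio() >= threshold:
            return good
    return None

def phishing_signs(raw_message):
    """List the sender-related warning signs found in one raw message."""
    msg = message_from_string(raw_message)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    signs = []
    imitated = lookalike_of(from_dom)
    if imitated:
        signs.append(f"lookalike domain: {from_dom} resembles {imitated}")
    if reply_dom and reply_dom != from_dom:
        signs.append(f"reply-to mismatch: replies go to {reply_dom}, not {from_dom}")
    return signs

# Constructed sample messages (not real mail).
SUSPICIOUS = (
    'From: "IT Support" <helpdesk@cont0so.example>\n'
    "Reply-To: recovery@mailbox-reset.example\n"
    "Subject: Your mailbox is full\n\nSign in now to keep your mail.\n"
)
LEGITIMATE = (
    'From: "Accounts" <billing@contoso.example>\n'
    "Subject: March statement\n\nStatement attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, phishing_signs(raw))
```

A Reply-To that differs from the sender also appears in legitimate mailing-list and helpdesk mail, so treat the output as a prompt to verify the message, not as a verdict.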
High-risk phishing scenarios
- Microsoft 365 login prompts claiming your mailbox is full
- Invoice or payment redirect scams
- Fake support requests asking for remote access
- Payroll, W-2, or gift card impersonation emails
- Text-message delivery alerts with suspicious links
What users should do
- Stop and verify before clicking links or opening attachments
- Check the sender address carefully
- Hover over links before clicking
- Report suspicious messages immediately
- Do not approve unexpected MFA prompts
What businesses should do
- Train staff regularly on phishing and impersonation patterns
- Use MFA and stronger sign-in protections
- Improve email security settings and authentication
- Review forwarding rules and suspicious mailbox changes
- Have a clear incident response path if a user clicks
If someone already clicked
- Reset the affected password immediately
- Revoke suspicious sessions if possible
- Review mailbox rules and forwarding settings
- Investigate sign-in activity and unusual behavior
- Use incident response support if compromise is suspected