Smart City Telecom Blog

Cyber Scams and Microsoft 365

By Krista Lockhart
Cybersecurity
Security
Microsoft Office scams

By Smart City Operations 

Microsoft 365 is a digital software application package that supports word processing, analysis, information storage, and more. According to Statista, the worldwide market share of office suite technologies is split between Google’s G Suite and Microsoft’s Office 365. Google’s G Suite holds a market share of 59 percent, and Office 365 has 40 percent in the United States. In the United States, there are over one million Microsoft 365 customers. Said another way, Microsoft 365 supports many freelancers and small, medium, and large businesses. Unfortunately, cybercriminals know this, too. They spend a lot of time developing scams and threats against various 365 applications. Here are two common and destructive scams to be aware of. 

 First, one of the most common scams is a completely “free” version of Microsoft Office. This is an effective scam because it appeals to price-sensitive or unsuspecting users. This too good to be true offer is malware. Once a user downloads and installs it, the malware can begin harvesting their data. The installation process appears to be legitimate and professional.  It allows users to select the version of Microsoft Office they would like to install. This malware is designed to avoid detection from most antivirus systems. So even if antivirus software scans and removes it, this malware can re-install itself afterward.  Ultimately, this “free” version of Microsoft Office costs users their valuable personal data! 

Another common yet destructive Microsoft 365 threat starts with an email claiming unusual activity has been detected on the recipient’s Microsoft account. The email warns that several features have been locked. To review this activity, users are instructed to click a link provided in the email. When a user clicks the link in the email, they are taken to what appears to be an official Microsoft login page. However, this page is fake. But it gets worse fast.  Once a user enters their login credentials, cybercriminals can access the account. Once logged in, they can steal personal information and review emails and Teams messages.  

In both instances, these scams are destructive. However, there are proactive steps to stop these threats in their tracks. Here are a few tips: 

  • Analyze the URL of the login page. If you are attempting to log in to Microsoft, the legitimate URL should be login.microsoftonline.com; any other variances could be malicious. 
  • Download software from the official source. In this case, go to Microsoft.com and search for the application and offer. If something is too good to be true, it probably is.  
  • Be sure to follow instructions regarding antivirus software and data backups. Having updated anti-virus software and periodic backups are good practices. 
  • Scammers often try to influence users to act impulsively. Therefore, taking a few steps to verify the offer is critical. 
  • Sometimes, phishing emails contain spelling and/or grammatical errors, or the wording may seem unusual. Keep a watchful eye out for this. 

In closing, Microsoft 365 cyber scams are widespread. Scammers create new ones daily and use generative artificial intelligence to deploy professional offers.  Use all the information and tips referenced in this blog post to make good decisions at work and at home.