Firms Report Phishing Attempts That Impersonate Microsoft®

Publish Date


Cyber Alert

  • Cybersecurity
  • Phishing

Multiple firms (including ACA) have reported recent receipt of phishing emails claiming to be from Microsoft®. These emails include Microsoft logos and request “required” entry/validation of login credentials. The emails are clearly spoofed.

In this alert, we explain how to spot a phishing attempt.

Analyzing a suspicious email

Analyzing the email for indications of phishing provides an opportunity to prepare against future similar attempts. The screen capture below of an email sent to ACA has been marked with numbers corresponding to the elements that implicate this email as a phishing attempt.

Spoofed Microsoft Email Example
  1. Sender Address – The email comes from a non-ACA email address, though it purports to be from ACA. Similarly, the address is from a Canadian domain, which is unusual for ACA internal processes.
  2. Unsolicited – This email comes from an external source, though it purports to be related to internal ACA processes.
  3. Microsoft – The requests purport to come from Microsoft. Statistics indicate that Microsoft is the most spoofed brand by a large margin, comprising 43% of all company impersonations.
  4. Strange Text – The date format is different from the expected U.S. MM/DD/YYYY.
  5. Bad Spelling/Grammar – The text is missing an article and is awkwardly worded.
  6. Urgent Request – The text calls for urgent action (though no previous warnings have been received, etc.).
  7. Email Signature – The signature is not typical for ACA services or groups, or specifically for the Aponix division. “ACA” is not capitalized as well, a further indication of spoofing.

Note that the markers above align with those detailed in the ACA Aponix Phishing Infographic. The infographic includes additional markers to look out for, and can serve as a handy guide for staff.

ACA guidance

Phishing attacks continue to be a source of significant damage to organizations in all sectors.

ACA Aponix® tracks click rates and credential submission rates for the mock phishing tests as part of our phishing prevention service. Our tracking shows that 60% of phishing tests performed in April - July of this year had at least one person who clicked the link, and 40% of phishing tests had at least one person who submitted credentials. This points to the continuing need to build up staff members' ability to detect phishing attempts.

ACA recommends that employees receive security awareness training (including phishing prevention) upon hiring and as part of an annual required refresher/update. In addition, firms should include mechanisms for employees to report phishing attempts and to notify IT if they did indeed succumb to an attack.

How we help

ACA Aponix offers the following solutions that can help your firm protect itself as well as comply with regulatory demands in this and related areas.

Download our Aponix Protect cybersecurity solution brochure.

If you have any questions, please contact your ACA Aponix consultant or contact us here.