Tabard IT’s cyber security analysis is seeing increased malicious cyber activity in phishing emails and attempts to breach Microsoft account passwords and authentication processes, so you need to be extra vigilant towards phishing or approving authentication requests that you may not have triggered.
Multi-Factor Authentication (MFA)
MFA provides an essential defence against access by unauthorised users by using the Microsoft Authenticator app (or potentially an SMS code, although this is less secure) to provide access approval. You should always be cautious when approving authentication requests and check them carefully – did you request access, for example?
If you did not request access, do not approve the MFA prompt. This is crucial to prevent accidental approval of fraudulent requests, which attackers may trigger if they have your password. If you receive unexpected MFA prompts or notices, report them to the Tabard IT for investigation. Acting quickly can help prevent unauthorised access to your accounts.
How to Spot Credential Phishing in Emails
Credential phishing emails are designed to trick users into entering their username, password, or MFA details on a fake page.
If an email doesn’t seem right then report it using our ‘Phish’ report button if you have one – it will be located at the top part of any email. If you don’t have a ‘Phish’ button, report it to Tabard IT. If you don’t know the sender, weren’t expecting the email or the subject/contents don’t seem right, then report it.
Top tips to spot malicious emails
Check for the external email warning ‘Caution: External’ if you have this option. If it is an external email, please treat with caution and if you suspect it is pretending to be an internal email then report it immediately.
Note that only users using our advanced email filtering tool Inky will see the ‘Phish’ button, ‘Caution: External’ and so on – if you are interested in making your email more secure, get in touch with Tabard IT and ask about email filtering.
Inspect the sender’s email address carefully for minor changes to company names.
If you hover your mouse cursor over links before clicking them, you will see the URL/web address pop up. Check the address is exactly the one you’d expect, and whether it is taking you to unusual site/folder locations, and question unexpected attachments.
Beware of credential requests and question why this sender needs that – typically there’s no need for a sender to request you to sign in to get to a particular web page, but if you have any doubts, get in touch.
Look out for unexpected MFA prompts, and for urgent or threatening language to submit account details, and don’t be pressured into action.
Be cautious, especially if you identify poor spelling, grammar, formatting, out of date logos or branding – these are often a sign of phishing.
Your trusted contacts are also at risk of cyber security breaches, so even if an email is coming from someone you know, check the sender’s actual address, check links by hovering over them, and don’t interact with a suspicious email until you’ve spoken to the sender (not by email, but by phone/Teams/WhatsApp on a known number) to confirm why they need the information.
You are your own first line of defence for credentials phishing, so please be vigilant and report anything suspicious immediately.