top of page
  • Writer's pictureStan Patey

A Tale of Two Microsoft Notifications

The last line of defense for any Business's Computer Network is an educated end-user. Sophisticated firewalls, anti-virus software, web filtering, and email filtering are the foundation of solid cybersecurity, but an untrained employee remains the biggest threat to your network security. The lag between discovery of a new malware variant and the engineering and application of new protection creates a brief security opening that can only be blocked by a focused user who recognizes a threat. Phishing attacks are targeted social engineering designed to fool you. They come from what appear to be genuine and trusted senders, contain names, layout themes, colors and logos that are intended to reassure the recipient and drop defenses. The classic “Trojan Horse” is something you think you want until you realize you don’t.

Here are a few tips and an example of a recent spear-phishing (targeted phishing) attack reported by a wary Slingshot client. Check out these two “Microsoft” notifications:


  • See who it's really from. Don't trust the "Microsoft Outlook" name alone, look at the actual email address. "" probably isn't from Microsoft.

  • Check out the unusual fonts in the example below

  • bad grammar is always a giveaway.

  • The "to: address" does not include your email address

  • Hover (don't click) your cursor over the "Confirm" button to reveal that the hyperlink won't be taking you to anywhere on the Microsoft domain.

Zoom Cursor floating over button to reveal hyperlink

Contrast above to the genuine Microsoft notification email below.

  • Note the proper ""

  • If you hover your cursor over any of the links you'll see that they lead to actual Microsoft domains.

  • The "to: address" includes your address.

Genuine Microsoft Office 365 Premium Renewal Notification email example

My advice to all users is to slow down and take your time. If it doesn't feel right then don't click any links. Contact your network administrator for advice. You're not wasting their time or bothering them with a "silly question."

A few minutes of cautious review could save a hundred hours for your technical support team, prevent a security breech, and the loss of crucial company data.

To explore how your employees can be trained to protect you business network contact Slingshot Information Systems for some free advice.

124 views0 comments


bottom of page