I got an email from someone at my college saying that I have two Office 365 accounts and I need to verify them both or have them cut off. Is this a legit email or is it some sort of scam?
If you’re asking me whether it’s legit, odds are that it isn’t. While scammers can be pretty sneaky, we humans are pretty good at sensing something that doesn’t resonate or make sense given our history of interaction with a group or organization. I’ve also been reading up on scams and apparently one of the most common aspects is the intention to produce an emotional response – typically fear or anxiety – so that you aren’t thinking clearly. A phone call from an unknown number saying that you have a warrant for your arrest? That’s a classic scam.
Another one is to create anxiety through an illogical deadline; you have 24 hours to respond or we’ll have to cut off service! Indeed, that’s exactly what this scam relies on, and make no mistake, it’s a scam. The email I got from an unknown member of the University of Denver, not IT services, threatens that my Office 365 access will be revoked if I don’t respond immediately. Without going any further, that tells me it’s bogus.
But let’s dig into it further.
NOTICE BY ADMIN: VERIFY YOUR OFFICE 365
Here’s the email I received in my University of Denver inbox. At first glance, maybe it’s legit, maybe it isn’t:
There are a few things that a close examination reveals, however. First off, who is Emily DeMarco and why is she sending this message to me? Like so many big organizations, DU has its own IT department and all emails have a very specific format and indicate the sender’s credentials. Notice also that the “CLICK HERE” is spaced out to be “CLICK H ERE” to avoid spam filters. “Office 365” isn’t properly capitalized. There are grammatical errors like “two info different logins”.
And there’s that destabilizing time reference to create anxiety: “… to avoid termination of both logins within 24hrs…”. How would one person be able to close accounts at two organizations, even if they were legit? To up the ante, there’s a threat too: “we expect you to strictly adhere and address it.”
If you did click on the link, you’d be moved to a Google Form that looks vaguely legit:
Here’s where the grammatical errors are far more rampant; they figure if you’ve clicked, you’re probably hooked and ready to share your account credentials with them. Still, always pay attention, always read closely. A phrase like “We Notices that your office 365…” is never something any professional IT person is going to have on a form of any sort.
Scroll down a bit on this form and the intention becomes all too clear:
Didja catch the misspelling of “Denver” in the third prompt?
More importantly, NEVER SHARE YOUR PASSWORDS WITH ANYONE. Even a “legit” form.
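The tells walked through above (the split-up “CLICK H ERE”, the 24-hour deadline, and a link to a Google Form instead of an IT portal) can also be checked mechanically. This is an added example, not part of the original email or any DU tooling; the sample message is constructed from the phrases quoted above, the form URL is a placeholder, and the phrase list and two-signal threshold are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample built from the phrases quoted in the article; the form
# URL is a placeholder, not the real one.
SAMPLE = (
    "NOTICE BY ADMIN: VERIFY YOUR OFFICE 365\n"
    "We noticed two info different logins. To avoid termination of both "
    "logins within 24hrs, CLICK H ERE: "
    "https://docs.google.com/forms/d/e/EXAMPLE-ID/viewform\n"
    "We expect you to strictly adhere and address it.\n"
)
BENIGN = "Reminder: click here for the IT newsletter: https://www.example.edu/news\n"

URGENCY = re.compile(r"\bwithin\s*\d+\s*(?:hrs?|hours?)\b|\btermination\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def obfuscated_cta(text, phrases=("click here", "verify now")):
    """Find call-to-action phrases whose letters are split by stray spaces."""
    hits = []
    for phrase in phrases:
        letters = phrase.replace(" ", "")
        # Allow any whitespace between letters, then drop the normal spelling.
        pattern = re.compile(r"\s*".join(map(re.escape, letters)), re.I)
        for m in pattern.finditer(text):
            if re.sub(r"\s+", " ", m.group()).lower() != phrase:
                hits.append(m.group())
    return hits

def form_links(text):
    """Return links that point at a Google Form rather than an IT portal."""
    found = []
    for url in URL_RE.findall(text):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if host == "forms.gle" or (host == "docs.google.com" and parts.path.startswith("/forms/")):
            found.append(url)
    return found

def score_email(body):
    """Collect the indicators; two or more (assumed threshold) is suspicious."""
    findings = {
        "obfuscated_cta": obfuscated_cta(body),
        "urgency": [m.group() for m in URGENCY.finditer(body)],
        "form_links": form_links(body),
    }
    findings["suspicious"] = sum(bool(v) for v in findings.values()) >= 2
    return findings
```

Calling `score_email(SAMPLE)` flags all three indicators, while the ordinary newsletter line in `BENIGN` trips none of them.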
HOW TO REPORT A GOOGLE FORMS PHISHING SCAM
Instead, I’m going to use the Google Forms utility to report this as a scam, hoping they take it down promptly. That’s done by going to the very bottom of the form, where they warn you to never share your password:
Click on “Report Abuse” and it’s easy to identify what’s going on:
Now the ball’s in Google’s court to take down the form and, hopefully, delete the Google account that set it up in the first place.
Meanwhile, now you know that the email you got is not legit and some ways you can identify these scams too. Remember, if nothing else, you can use your organization’s contact form to email someone in IT directly and ask them if it’s legit too! Also, for the record, you can absolutely have as many Office 365 accounts as you need for your work and academic pursuits! Now, be safe out there.