My company unfortunately uses Microsoft 365 and when they started setting that up, I got an e-mail from a microsoftonline.com domain, which asked me to enter my username and password.
I reported that mail immediately as phishing. Like, it used the ol’ confusing domain trick and everything, it’s gotta be phishing.
Turns out, nope, Microsoft legitimately operates that domain and uses it for account notifications of all things. Great job, guys.
My company unfortunately uses Microsoft 365 and when they started setting that up, I got an e-mail from a
microsoftonline.comdomain, which asked me to enter my username and password.I reported that mail immediately as phishing. Like, it used the ol’ confusing domain trick and everything, it’s gotta be phishing.
Turns out, nope, Microsoft legitimately operates that domain and uses it for account notifications of all things. Great job, guys.