Active Threat – Action Required
IT Security is tracking an active phishing campaign that began on March 8, 2026. Attackers are sending emails impersonating Microsoft and our IT helpdesk, asking recipients to verify their account or reset their password via a fraudulent link.
What These Emails Look Like
- Sender appears to be noreply@microsoft-security.com or similar (not a real Microsoft domain)
- Subject lines include: "Action Required: Verify Your Account", "Unusual Sign-In Activity Detected", "Your Microsoft 365 License Is Expiring"
- Contains a prominent blue button labeled Verify Now or Secure My Account
- May include your name and company logo to appear legitimate
What to Do If You Receive One
- Do not click any links in the email.
- Use the Report Phishing button in Outlook (on the Home ribbon) to report it to Microsoft and our Security team simultaneously.
- If you already clicked a link or entered your credentials, contact the Security team immediately at ext. 5401 or security@company.com.
How to Verify Legitimate IT Communications
Legitimate IT and Microsoft communications will always come from @company.com or @microsoft.com domains. We will never ask for your password via email. When in doubt, call the helpdesk at ext. 5400 before clicking anything.