Microsoft 365: A Tale of Online Security – Chapter 1
Chapter 1: The Phishing Email
Jake and Lily sat in their computer lab, typing away on their laptops. They loved to explore the digital world and see what they could find. Today, they looked for vulnerabilities in Microsoft 365, the popular cloud-based productivity suite.
As they were searching, Jake received an email that caught his attention. It was from Mr. Johnson, a small business owner that uses Microsoft 365 for its daily operations. The email said:
“Dear Jake, I need your help with something urgent. I’m having trouble accessing my Microsoft 365 account, and I need you to check if everything is okay. Please click this link to log in and see what’s happening.”
Jake hesitated for a moment. He had never received an email from Mr. Johnson before, but he knew that the business owner trusted him and often asked for help with IT-related issues. He clicked on the link, which led him to a login page that closely resembled the familiar Microsoft 365 login page.
Jake entered his username and password without thinking twice and clicked “Login.” The page refreshed, but instead of showing his usual Office 365 dashboard, it displayed an error message:
“Invalid username or password. Please try again.”
Jake frowned. That was strange. He tried again but got the same error message. Lily noticed his confusion and asked what was going on.
“I don’t know,” Jake said. “I received an email from Mr. Johnson asking me to check his Office 365 account, but now I can’t log in. Something’s not right.”
Lily looked over Jake’s shoulder and saw the email. She noticed something odd about it.
“Jake, look at the sender’s address,” she said. “It’s not from Mr. Johnson’s usual email domain. It’s from a completely different address.” Jake’s eyes widened. “You’re right! It must be a phishing email! They tricked me into giving them my login credentials!”
Lily nodded. “We have to tell Mr. Johnson right away. And we have to change our passwords.”
Jake felt embarrassed and ashamed. He had fallen for one of the oldest tricks in the book but also learned an important lesson. From now on, he would pay more attention to his online security, be extra careful and do everything he could to ensure no one else fell victim to a phishing scam.
Liam Cleary
Liam began his career as a computer trainer. He quickly realized that programming, breaking and hacking were much more fun. Liam spent the next few years working within core infrastructure and security services. He is now the founder and owner of SharePlicity, a consulting company focusing on Microsoft 365 and Azure technology. His role within SharePlicity is to help organizations implement Microsoft 365 and Azure technology to enhance internal and external collaboration, document, and records management, automate business processes, and implement security controls and protection. He is a long-time Microsoft MVP and Microsoft Certified Trainer, focusing on architecture, security and crossing the boundary into software development. Over the past few years, his specialty has been security in Microsoft 365, Azure and its surrounding platforms. Liam also creates online training courses for Pluralsight, LinkedIn Learning and Cloud Academy, and he teaches multiple Microsoft certification courses for Opsgility and Microsoft. You can find him at user groups and conferences, teaching classes, offering advice, spending time in the community, teaching his kids how to code, raspberry PI programming, hacking the planet, building Lego robots, or coaching soccer. You may also find him running races in the dark, hiking, or mountain biking at breakneck speeds.