Microsoft 365 Phishing Scam: What Small and Medium Businesses in London and Essex Need to Know


If you’re a business owner in London or Essex, this is one cyber threat you can’t afford to ignore. A new phishing scam is circulating, and it’s alarmingly sophisticated. Worse still, it uses legitimate Microsoft tools to trick even the most cautious professionals.

At Sonar IT, we provide IT Support in London and Essex, and this is one of the most dangerous threats we’ve seen recently. It’s a stark reminder of why robust cyber security for small to medium businesses is no longer optional, especially if you're using Microsoft 365.

How the Scam Works

This scam is clever because it uses Microsoft Dynamics 365 Customer Voice, a genuine business tool, to make its phishing emails look legitimate.

Here’s what happens:

  1. You receive an email from what appears to be a trusted source. These emails come from real (but compromised) email accounts.
  2. The message references something familiar, such as a settlement statement or EFT payment.
  3. You click the link, which leads to a standard-looking CAPTCHA page.
  4. Next, you’re taken to a fake Microsoft 365 login page, where attackers attempt to steal your username, password, and even your multi-factor authentication (MFA) code.
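
As an added illustration (not Sonar IT's or Microsoft's code), here is one way a mail filter could hold messages that match the pattern above: a Customer Voice link combined with the financial wording. The hostname `customervoice.microsoft.com` and the function name `triage` are assumptions, and the sample emails are constructed.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Assumption: hostname that Dynamics 365 Customer Voice links use (not stated in the article).
CUSTOMER_VOICE_HOSTS = {"customervoice.microsoft.com"}
# Lure wording taken from the article's description of the emails.
LURE_TERMS = ("settlement statement", "eft payment")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def triage(raw_email):
    """Return a hold decision and the reasons for one raw RFC 5322 message."""
    msg = message_from_string(raw_email, policy=default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    hosts = {(urlsplit(u).hostname or "").lower() for u in URL_RE.findall(text)}
    searchable = f"{msg['Subject'] or ''}\n{text}".lower()
    reasons = []
    # Exact hostname match, so look-alike hosts that merely contain the name do not count.
    if hosts & CUSTOMER_VOICE_HOSTS:
        reasons.append("customer-voice-link")
    if any(term in searchable for term in LURE_TERMS):
        reasons.append("financial-lure")
    # The sender is deliberately not a trust signal: the emails come from
    # real but compromised accounts, so a known sender proves nothing.
    return {"hold": len(reasons) == 2, "reasons": reasons}

# Constructed sample messages (not real traffic).
SAMPLE_LURE = (
    "From: Accounts <accounts@supplier.example>\n"
    "To: finance@client.example\n"
    "Subject: Settlement statement ready\n"
    "\n"
    "Your EFT payment details: "
    "https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=CONSTRUCTED\n"
)
SAMPLE_SURVEY = (
    "From: Support <support@supplier.example>\n"
    "To: finance@client.example\n"
    "Subject: Quick feedback survey\n"
    "\n"
    "Please rate our service: "
    "https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=CONSTRUCTED\n"
)

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("survey", SAMPLE_SURVEY)):
        print(name, triage(raw))
```

A held message should go to a person for review rather than be deleted, since Customer Voice is also used for genuine surveys.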

Yes, MFA Can Be Bypassed

You might think MFA protects you, and usually it does. But in this case, attackers are capturing MFA codes in real time and using them before they expire. This means they can gain access to your Microsoft 365 account despite the extra security layer.

For many small to medium-sized businesses, this kind of breach could be devastating, leading to data loss, reputational damage, and operational downtime.

What Can You Do?

If you’re relying on Microsoft 365 to run your business, you need to take phishing threats seriously. Here’s what we recommend to all our IT Support London and IT Support Essex clients:

  • Don’t trust links in emails, even if they appear professional
  • Double-check the sender’s address - especially if the email contains financial information
  • Always verify with a colleague or supplier before logging into anything sensitive

And most importantly, don’t assume MFA alone is enough. Phishing tactics are evolving, and so should your defences.

How IT Support Can Help

Partnering with the right IT provider can make all the difference. Whether you’re in the heart of London or managing a growing team in Essex, we provide proactive, jargon-free support tailored to your business.

Our services include:

  • Microsoft 365 configuration and monitoring
  • Phishing and threat detection systems
  • User awareness training
  • Incident response planning
  • Fully managed cyber security for small to medium businesses

We’re not just here to fix problems; we’re here to prevent them.

Final Thought

If you’ve ever hovered over a suspicious link and nearly clicked it, you’re not alone. These scams are designed to catch even experienced users off guard. That’s why now is the perfect time to review your cyber security posture.

At Sonar IT, we specialise in IT Support for London and Essex businesses, helping you stay protected in an increasingly digital world.

Get in touch today to schedule a free cyber security assessment: no strings, no jargon, just straight-talking support.

📞 Contact Us

🔹 0203 011 0805
🔹 ontheradar@sonarit.co.uk
🔹 https://sonarit.co.uk