Beginner

Spot the Phishing Email

A realistic email lands in your inbox asking you to act fast. Can you tell if it is a trap?

The scenario

It is Monday morning. You open your inbox and find an email that looks like it is from "Microsoft 365 Support":

From: Micr0soft Account Team <security@m365-verify-login.com>
Subject: Urgent: Your password expires in 2 hours

"Dear user, we detected unusual sign-in activity on your account. To avoid being locked out, you must verify your password within 2 hours by clicking the secure link below."

The email has the Microsoft logo, a blue "Verify Now" button, and a small note at the bottom saying "If you did not request this, please ignore." The link, when you hover over it, points to: http://m365-verify-login.com/account/login

What to learn

This is a classic phishing email. Several red flags give it away:

• The sender domain is m365-verify-login.com, not microsoft.com. Attackers register look-alike domains.
• The display name uses a zero in "Micr0soft" to imitate the brand.
• It creates false urgency ("2 hours") to make you act before you think.
• Hovering over the link reveals it goes to a non-Microsoft, non-HTTPS address.
• Real providers never ask you to "verify your password" through an email link.

What to do: do not click. Report the message to your IT team or use the Report Phishing button, then delete it. When in doubt, open the service directly from your browser instead of clicking email links.
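The same red flags can be checked automatically, for example in a mail filter. The Python sketch below is an added example, not part of the original scenario. It runs the checks over a message constructed from the scenario's From line, subject, body text and link. The `BRAND_DOMAINS` table, the digit look-alike map and the flag names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: the brand's legitimate domain list.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}
LEET = str.maketrans("0134", "oiea")  # digits commonly swapped in for o, i, e, a
URGENCY = re.compile(r"\burgent\b|\bwithin \d+ hours?\b|\bexpires in\b", re.I)
CRED_ASK = re.compile(r"\bverify your password\b", re.I)

# Constructed from the scenario's From, Subject, body text and link.
SAMPLE = """\
From: Micr0soft Account Team <security@m365-verify-login.com>
Subject: Urgent: Your password expires in 2 hours

Dear user, we detected unusual sign-in activity on your account. To avoid
being locked out, you must verify your password within 2 hours by clicking
the secure link below.
http://m365-verify-login.com/account/login
"""

def in_domains(host, domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    text = msg["Subject"] + "\n" + msg.get_payload()
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        plain, decoded = name.lower(), name.lower().translate(LEET)
        if brand in decoded:  # the message claims to be from this brand
            if brand not in plain:
                flags.append("lookalike_display_name")
            if not in_domains(addr.rpartition("@")[2], domains):
                flags.append("sender_domain_mismatch")
            for url in re.findall(r"https?://\S+", text):
                u = urlparse(url)
                if u.scheme != "https":
                    flags.append("link_not_https")
                if not in_domains(u.hostname or "", domains):
                    flags.append("link_domain_mismatch")
    if URGENCY.search(text):
        flags.append("false_urgency")
    if CRED_ASK.search(text):
        flags.append("asks_for_password")
    return flags
```

Calling `red_flags(SAMPLE)` reports every red flag from the list above. Heuristics like these support the human check but do not replace it.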