---
title: "Microsoft 365 Being a Soft Target for Scammers- Email Do’s and Don’ts You Need to Keep In Mind! | Phish Protection"
description: "Microsoft 365 Being a Soft Target for Scammers- Email Do"
image: "https://phishprotection.com/og/blog/microsoft-365-soft-target-for-scammers-email-dos-and-donts.png"
canonical: "https://phishprotection.com/blog/microsoft-365-soft-target-for-scammers-email-dos-and-donts/"
---

Quick Answer

Microsoft, the software giant, has time and again been exposed to cybercrime activities . It’s one of the top picks among phishing actors . The immense popularity of Microsoft across professional and personal setups makes it an among threat actors.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fmicrosoft-365-soft-target-for-scammers-email-dos-and-donts%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Microsoft%20365%20Being%20a%20Soft%20Target%20for%20Scammers-%20Email%20Do%E2%80%99s%20and%20Don%E2%80%99ts%20You%20Need%20to%20Keep%20In%20Mind!&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fmicrosoft-365-soft-target-for-scammers-email-dos-and-donts%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fmicrosoft-365-soft-target-for-scammers-email-dos-and-donts%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fmicrosoft-365-soft-target-for-scammers-email-dos-and-donts%2F&title=Microsoft%20365%20Being%20a%20Soft%20Target%20for%20Scammers-%20Email%20Do%E2%80%99s%20and%20Don%E2%80%99ts%20You%20Need%20to%20Keep%20In%20Mind! "Share on Reddit") [ ](mailto:?subject=Microsoft%20365%20Being%20a%20Soft%20Target%20for%20Scammers-%20Email%20Do%E2%80%99s%20and%20Don%E2%80%99ts%20You%20Need%20to%20Keep%20In%20Mind!&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fmicrosoft-365-soft-target-for-scammers-email-dos-and-donts%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2024/02/phishing-prevention-tips-2067.jpg) 

Microsoft, the software giant, has time and again been exposed to[cybercrime activities](https://thehackernews.com/2023/12/microsoft-warns-of-storm-0539-rising.html). It’s one of the**top picks among phishing actors**. The immense popularity of Microsoft across professional and personal setups makes it an

absolute favorite

among threat actors.

Over the past few years, Microsoft 365 has undergone multiple phishing attacks. Between 2019 and 2022, there has been a spike of[38%](https://news.microsoft.com/apac/2023/05/22/microsoft-cyber-signals-report-highlights-spike-in-cybercriminal-activity-around-business-email-compromise/#:~:text=Microsoft%20also%20observed%20a%2038,and%20automated%20services%20for%20BEC.)in[Cybercrime-as-a-Service](https://www.hkcert.org/blog/unmasking-cybercrime-as-a-service-the-dark-side-of-digital-convenience)incidents, thereby**targeting work emails**. 

![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2024/02/phishing-prevention-tips-2067.jpg) 

### The Greatness Phishing Kit- The New Kid in the Block!

A notorious threat actor called Fisherstell came up with the**Greatness Phishing Kit**back in 2022\. However, it grabbed the attention of cybersecurity experts only around

December 2023

. This[phishing kit](/phishing/nakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry)is being used extensively by threat actors to attack Microsoft 365 accounts. The kit is quite easy to use and does not involve a steep learning curve.

There’s this[dedicated Telegram account](https://me.pcmag.com/en/security/21754/telegram-is-a-scammers-paradise-thanks-to-cheap-phishing-tools)for Greatness Phishing Kit, which **shares actionable details** about the phishing kit. The ease of operation and readily available hacks and tricks make the phishing kit all the more lucrative among[threat actors](https://thecyberexpress.com/cisa-flags-2-critical-windows-vulnerabilities/).

The kit comes with truckloads of features such as customization, engagement metrics, QR codes, and so on

. Besides, the kit comes equipped with systems to evade[cybersecurity](/content/cybersecurity-in-a-nutshell)detection technology. That’s exactly why the kit is **increasingly being used** to break into Microsoft accounts. 

![Phishing email prevention](https://media.mailhop.org/phishprotection/images/2024/02/phishing-email-prevention-4579.jpg) 

Threat actors are paying as much as

$120 to use this phishing kit

to scam users.

### Here’s How to Identify a Microsoft 365 Greatness Kit Scam!

> “Microsoft’s built-in phishing protection in Office 365 catches the obvious attacks, but it consistently misses targeted spear phishing and zero-day threats. We see this every day - customers come to us after an incident that Microsoft Defender didn’t catch. Adding a dedicated anti-phishing layer takes five minutes and closes that gap.” - **Adam Lundrigan**, CTO, DuoCircle

Keep these few things in mind if you don’t want to end up being scammed by some petty phishing actor!

Avoid opening emails that have[HTML attachments](https://www.bleepingcomputer.com/news/security/html-attachments-remain-popular-among-phishing-actors-in-2022/), executables, archives, etc.

Never scan any[QR code](/phishing/qr-code-phishing-attacks-save-organization-from-the-new-wave-phishing-scams)inside an email.

- **Delete the email immediately**if you sense any kind of urgency in the content.

Go through each and every statement of an email that comes from any kind of official institution, such as brands, banks, firms, etc.[Identity theft](https://www.usnews.com/360-reviews/privacy/identity-theft-protection/identity-theft-fraud-survey)is highly prevalent nowadays, thanks to easily accessible tools like the Greatness Kit,[ChatGPT](/phishing-awareness/the-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game), etc.

- **Opt out of an email**that promises you[tons of money, a lottery prize, or a trip to an exotic location](https://www.wfmj.com/story/49087568/beware-of-emails-promising-gifts-from-well-known-companies). It is highly likely that threat actors are trying to access your personal details by offering you bait.

Threat actors are making the most out of the**booming technology**to break into your bank and computer.[Microsoft 365](/announcements/cybersecurity-updates-for-the-week-22-of-2023)is being attacked now and again because of it being a household name. \[Phishing actors

are trying to leverage

Microsoft’s brand value\](<https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/>) . 

The only way to stay ahead of these fraudsters is to**be highly vigilant**while working on a digital platform. Next time you see a Microsoft email landing in your inbox, be very cautious. In case of any doubt, get in touch with the Microsoft authority directly. 

A little caution, including implementing[phishing protection](/)will go a long way in**safeguarding**your[personal details](https://www.bleepingcomputer.com/news/security/integris-health-says-data-breach-impacts-24-million-patients/), hard-earned money, and expensive gadgets.

## Topics

[ Phishing Awareness ](/tags/phishing-awareness/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 14m  12 Real-World Spear Phishing Examples And The Red Flags You Missed  Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[  Foundational 2m  8 million Android users fell prey to SpyLoan malware on Google Play Store  Dec 5, 2024 ](/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/)[  Foundational 1m  A Big Part of the Phishing Problem is You  Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Microsoft 365 Being a Soft Target for Scammers- Email Do’s and Don’ts You Need to Keep In Mind!","description":"Microsoft 365 Being a Soft Target for Scammers- Email Do's and Don'ts You Need to Keep In Mind!: Microsoft, the software giant, has time and again been.","url":"https://phishprotection.com/blog/microsoft-365-soft-target-for-scammers-email-dos-and-donts/","datePublished":"2024-02-14T12:26:05.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2024-02-14T12:26:05.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/microsoft-365-soft-target-for-scammers-email-dos-and-donts/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":569,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2024/02/phishing-prevention-tips-2067.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Microsoft 365 Being a Soft Target for Scammers- Email Do’s and Don’ts You Need to Keep In Mind!","item":"https://phishprotection.com/blog/microsoft-365-soft-target-for-scammers-email-dos-and-donts/"}]}
```