Kyla Burdick, Nov 26, 2025, 6 min read

7 Signs That an Email Is a Phish and How to Outsmart It

“Your Account Has Been Locked”

Imagine that you’re catching up on emails when an “urgent” message appears with the subject line below:

Subject: Action Required: Your Microsoft 365 Account Has Been Suspended

Body Preview: Your Microsoft account has been temporarily locked. To restore access, please verify your credentials immediately by clicking the link below.

It looks official, complete with the Microsoft logo, matching colors, and a footer that appears authentic. The message warns that your account will be disabled unless you verify your credentials immediately. There’s a bright blue button that says, “Verify Now,” which feels like the natural next step.

In reality, it’s a phishing attempt that leads to a fake login page designed to look exactly like Microsoft’s sign-in portal. The logo, layout, and even the address bar (a lookalike domain with a valid certificate and padlock) may appear legitimate at first glance. Once you enter your credentials, the attackers capture your username and password and often log in within minutes, frequently with automated tooling, before you notice anything is wrong. From there, they may send additional phishing emails from your mailbox, impersonating you to your coworkers or clients, and attempt to use your account to gain access to other systems.

The Ongoing Threat of Phishing Attacks

Phishing remains one of the most common ways attackers gain access to corporate data. Every day, millions of emails are crafted to look legitimate, but behind a convincing logo or subject line may hide credential theft, malware, or ransomware.

In recent years, phishing has evolved far beyond the obvious scams of the past. Attackers now use real branding, spoofed domains, and even AI-generated language to make their messages appear authentic. These sophisticated techniques make it harder than ever to distinguish a fake email from a legitimate one, putting employees, clients, and entire organizations at risk.

The 7 Ways to Spot a Phishing Email

Phishing emails come in many forms, but most share the same telltale signs. Recognizing them early is the easiest way to stay protected.

1. The sender’s address doesn’t match: One of the first warning signs is when the display name looks familiar, but the actual address is wrong. A message may claim to be from Microsoft Security Alert, but the true address could be something like security@verify-access-portal.net. In Outlook, hover over the sender’s name to reveal the real address. If it doesn’t align, it’s suspicious. The reverse is not a guarantee, though: a From address can be forged outright when the sending domain does not enforce SPF, DKIM, and DMARC, so treat a matching address as a first filter rather than proof.

2. The message creates urgency or fear: Phishing campaigns thrive on pressure. Subject lines that say “urgent,” “payment overdue,” or “your account will be closed” are designed to rush you into action. Real companies rarely threaten instant consequences. If you feel anxious reading an email, that’s a sign to slow down and verify through official channels.

3. The links don’t go where they claim: Always hover over links before clicking. Outlook will show the real destination. If the address looks odd, includes extra characters, or slightly misspells a brand, it’s likely a trap. Be aware that URL shorteners and link-protection rewriting (for example, Microsoft Safe Links, which routes clicks through a safelinks.protection.outlook.com address) can hide the final destination, so a rewritten or shortened link still deserves scrutiny.

4. Grammar and formatting look off: Many phishing messages are copied from real templates but poorly edited. Misspelled words, inconsistent fonts, and outdated logos often give them away. A legitimate message from Microsoft or your bank will almost never contain basic grammar or formatting mistakes. The opposite does not hold: with AI-generated text, a flawlessly written email is no longer evidence that it is genuine, so clean grammar should lower suspicion only slightly.

5. Unexpected attachments: Files that arrive out of nowhere should always raise suspicion. Attachments ending in .zip, .html, or those that ask you to “Enable Content” in Word or Excel are common infection methods. An .html attachment is especially worth noting, because it can carry the fake login page itself and open it directly from your computer, with no link to hover over. If the attachment doesn’t match your work or you weren’t expecting it, confirm with the sender through another method before opening.

6. Generic greetings or missing details: Mass phishing attempts rarely include personalization. If an email starts with “Dear User” or “Dear Customer” and doesn’t mention your name, department, or account information, it’s probably not legitimate.

7. Something just feels off: Sometimes your intuition is the best indicator. Maybe the tone sounds different than usual, or the message arrived at an odd time. If something doesn’t feel right, stop and verify before acting.

The SLAM Method

A simple way to remember phishing detection is to use the SLAM method: Sender, Links, Attachments, and Message.

It’s a quick mental checklist designed to help you slow down, think critically, and spot red flags before you interact with a suspicious email.

S – Sender: Always start with who sent the message. Check both the display name and the actual address. A phishing email might show a trusted name like “Microsoft Support” or “Payroll Department,” but the address itself could be something like verify@m1crosoft-alert.com (note the digit 1 standing in for the letter i) or an unfamiliar domain. Be cautious of anything that looks slightly off, especially if it asks you to click a link or provide credentials.

L – Links: Links are the most common weapon used in phishing attacks. Hover over any link before clicking to preview the true destination. If the address looks strange, contains extra characters, or doesn’t match the company’s real website, it’s likely malicious. If the email claims to be from Microsoft, your bank, or a well-known company, never log in from the email itself. Instead, open a new browser tab and type the address manually, such as portal.office.com or your bank’s website.

A – Attachments: Treat every unexpected attachment as a potential risk until proven safe. Many phishing emails disguise malware inside common file types like PDFs or Word documents. If a file asks you to “Enable Content” or “Enable Macros,” that’s a serious red flag. If you weren’t expecting the file, reach out to the sender through another trusted method such as Teams, a phone call, or a verified company contact.

M – Message: Finally, evaluate the overall message. Does it sound like something that person or company would normally send? Are there spelling errors, odd phrasing, or emotional language designed to make you act fast? Attackers often use threats, rewards, or policy warnings to manipulate reactions. Ask yourself whether the email makes sense in context. If anything feels inconsistent, verify through official channels before responding.

The SLAM method takes less than a minute to apply, but it can save hours or even days of recovery from a compromise. Make it part of your routine whenever a message seems out of place.
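The checks in the seven signs above and in the SLAM checklist can also be scripted. The following Python script is an added example, not code from the original article or from OXEN Technology: it parses a raw email and runs the Sender, Links, Attachments, and Message checks described in the text. The sample messages, the brand-to-domain table, the urgency word list, and the risky-extension list are constructed assumptions for the demonstration, not a complete detection policy.

```python
"""Minimal SLAM-style phishing triage over a raw RFC 822 message.

Added example (not from the article). Everything below the imports that
looks like policy (brand domains, keyword lists, extensions) is an
illustrative assumption, not an authoritative list.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: brands we expect to see and the domains they legitimately mail from.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "microsoftonline.com", "office.com"}}
URGENCY_WORDS = ("urgent", "immediately", "suspended", "locked",
                 "action required", "overdue")
RISKY_EXTENSIONS = (".zip", ".html", ".htm", ".docm", ".xlsm", ".iso", ".lnk")
GENERIC_GREETINGS = ("dear user", "dear customer", "dear client")


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(value):
    """Host part of a URL, or the domain part of an e-mail address."""
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[-1].strip("> ").lower()
    if "://" not in value:
        value = "https://" + value
    return (urlparse(value).hostname or "").lower()


def _brand_mismatch(text, host):
    """True if text names a known brand but host is not one of its domains."""
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text.lower():
            if not any(host == d or host.endswith("." + d) for d in domains):
                return True
    return False


def slam_check(raw):
    """Return a list of human-readable red flags; an empty list means none found."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    # S - Sender: display name versus the real address.
    name, addr = parseaddr(str(msg["From"] or ""))
    if _brand_mismatch(name, _domain(addr)):
        flags.append(f"sender: display name {name!r} but address domain {_domain(addr)!r}")
    # L - Links: the text or the claimed brand versus where the href really goes.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    extractor = _LinkExtractor()
    extractor.feed(content)
    for href, text in extractor.links:
        host = _domain(href)
        if _brand_mismatch(name + " " + text, host):
            flags.append(f"link: {text!r} -> {host!r}")
    # A - Attachments: file types that commonly carry malware or a fake login page.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXTENSIONS):
            flags.append(f"attachment: {filename!r}")
    # M - Message: pressure language and impersonal greetings.
    low = ((msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", content)).lower()
    hits = [w for w in URGENCY_WORDS if w in low]
    if hits:
        flags.append(f"message: urgency words {hits}")
    if any(g in low for g in GENERIC_GREETINGS):
        flags.append("message: generic greeting")
    return flags


# Constructed sample modelled on the article's scenario (not a real message).
SAMPLE_PHISH = """\
From: Microsoft Security Alert <security@verify-access-portal.net>
To: jane@example.com
Subject: Action Required: Your Microsoft 365 Account Has Been Suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear User,</p>
<p>Your Microsoft account has been temporarily locked. Verify your credentials
immediately by clicking the link below.</p>
<a href="https://m1crosoft-alert.com/login">Verify Now</a></body></html>
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Account_Notice.html"

<html>fake login page</html>
--b1--
"""

# Constructed benign sample for comparison.
SAMPLE_BENIGN = """\
From: Microsoft <no-reply@microsoft.com>
To: jane@example.com
Subject: Your monthly Microsoft 365 usage summary
Content-Type: text/plain; charset="utf-8"

Hi Jane,
Your usage summary for October is ready at https://portal.office.com/usage
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, slam_check(raw) or "no flags")
```

Each returned flag names the SLAM letter it came from, so the output doubles as a short explanation a user can act on. The script deliberately stops at string comparisons; it does not fetch links or open attachments, which is the same discipline the text asks of a human reader.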

What to Do If You Suspect a Phish

If you suspect a phishing email, do not click any links or open attachments. Do not reply or forward it to others. Use the “Report Phishing” button in Outlook or Microsoft 365 and report the message to your IT Support team. After reporting, delete it from your mailbox.

If you clicked or entered your credentials, change your password immediately and notify IT so they can secure your account and check for other compromises. Because attackers often log in within minutes, a password change alone is not enough: IT should also sign out all active sessions, review any newly registered MFA methods, and check for inbox forwarding or deletion rules the attacker may have added. Quick action can prevent larger damage.

Final Thoughts

Phishing emails continue to evolve, using real branding, stolen signatures, and even AI-generated content to appear more convincing. But no matter how advanced these scams become, the fundamentals of detection stay the same. Verify before you trust, and rely on the SLAM method and the seven warning signs as your first line of defense.

Cybersecurity is never static, and the threats we face are constantly shifting as attackers develop new ways to bypass protections. Staying alert and practicing safe email habits is not just an IT concern but a shared responsibility across every employee and department.

Take time to question unexpected messages, double-check links, and stay informed through security awareness updates. Small moments of vigilance, such as pausing before you click or verifying before you trust, can make the difference between a routine day and a serious security incident. By staying mindful and proactive, we can all help create a safer digital environment for everyone.

Written by David Owens, Technical Engineer- OXEN Technology
