Your company is participating in a Cyber Security Education Program.


This Outlook Limit Phishing Attack included the following social engineering techniques:


  1. Spoofed email and domain (example: locked-outlook.com).
  2. A product which you use in your workflow.
  3. Urgency to act.
  4. Use of your email to customize the email.
  5. Simple clean email to minimize suspicion.
  6. Link/Button to allow you take action attacker wants.
  7. Verbiage to catch attention (example: Limit Reached, Full).


How to spot this was a phishing email:


  1. Was this an email you expected to receive? No - Be cautious
  2. Did this email come from someone from IT you know?
  3. You should reach out to IT if in doubt.
  4. The sender named email address was not associated with Microsoft or Outlook.
  5. Brining up browser and typing in domain used isn't valid  (example: limit@locked-outlook.com).
  6. The link provided used suspicious domain similar to above.


“An employee is either an asset to your cyber security or a risk.”