Bugged by Phishing Email Attacks (pt. 2)

My opening “Wednesday Bit” article of 2024, over on Smart Thinking Solutions, was a brief look at the flurry of phishing email attacks I saw over the Christmas holidays. Many of these were targeting my Microsoft 365 credentials, hoping that in the rush and relaxation of the Christmas period I would be careless enough to give the threat actors access to mine, the company’s and our clients’ information. It didn’t happen.

Bugged by Phishing Email Attacks (pt. 2) Cyber Awake

Phishing email – not just for Microsoft 365

Whilst writing this article I received this email:

Bugged by Phishing Email Attacks (pt. 2) Cyber Awake

It is completely legitimate – so my anti-virus, email and junk filtering did not touch it. I did get the rather annoying “You don’t often get email from…” warning – but this is really only “Microsoft Security Theatre” and adds very little to my or your cyber security.

The issue here of course is that I did not request this link and I am pretty certain as I type this article that I am not in Bardstown Kentucky, US. A quick check of the Bardstown website, shows it to be a nice place. It talks about bourbon a lot but does not mention any hackers!

Joking aside, I am sure you are thinking that this type of attack has little chance of succeeding – you are not likely to click on this link – you did not request it.

Here is the Problem

I mentioned in my other article that many of the Christmas attacks were going after my Microsoft 365 credentials. I did not compromise my credentials, but I am sure there are others out there who did – for whatever reasons. If any of these users had credentials not managed by the rule of “least privilege” then the hackers could now have the ability to exploit your email system and use this log-in request themselves.

Here is the Fix

There are fixes for this – you can Google “business email compromise” and read your way through the pages and work them out for yourself. Clients pay me for this type of knowledge so I will not share our solutions and training with just anyone for free. Sorry – have a look here to see the time and effort I have invested and do invest in keeping my knowledge current and relevant.

If you would like to discuss how I can help with your cyber security questions then please get in touch.


Clive Catton MSc (Cyber Security) – 
by-line and other articles

Further Reading

Bugged by Phishing Email Attacks (pt. 1)

Here is Your Next Cyber Security Step

Photo by Monstera Production