Can you spot a malicious phishing email?

Common phishing calls to action to watch for

Phishing emails commonly mimic well-known companies such as Microsoft and usually try to create a sense of urgency or authority. Common calls to action include:

  • “Your account will be suspended”
  • “Action required immediately”
  • “Unusual sign-in detected”
  • “Document shared with you”
  • “Payroll / benefits / tax information updated”
  • “Missed voicemail or secure message”
  • “Approve or deny this request”


Many phishing pages are also designed to:

  • Capture your password and MFA code
  • Trick you into approving an MFA push notification (“MFA fatigue”)
  • Ask for a second authentication step after login

Important reminder about MFA

Multi-Factor Authentication significantly reduces risk, but it is not foolproof.

Attackers commonly:

  • Prompt users to enter MFA codes on fake login pages
  • Trigger repeated MFA push requests until the user accepts
  • Use real-time phishing sites that pass credentials directly to Microsoft

Always question why you are being asked to log in.

If you receive an MFA prompt you were not expecting, do not approve it and report it immediately.

What to do

  • Do NOT scan QR codes in unexpected emails
  • Do NOT click links or open attachments you were not expecting
  • Delete the email immediately
  • If you have already scanned the QR code, entered credentials, or approved an MFA request, contact us immediately
  • Treat any unexpected email involving accounts, access, payroll, or benefits as suspicious
  • Verify requests through known internal contacts or official portals
  • When in doubt, forward the email to us for verification

Improving staff awareness

Phishing remains one of the most effective attack methods because it targets people, not technology.

Awareness is the strongest first line of defence.

If you would like to strengthen staff awareness, we offer a phishing testing and security awareness training platform that safely simulates real-world attacks and helps employees recognise threats before they cause harm.

If this is something you would like to discuss, contact us and we can provide more information.

Staying alert prevents incidents. One click is all it takes.