Here are the clues you should have spotted:

1) Sender address

The sender address in this email was:

teams-notifications-no-reply@data-speed-cdn.net

Any automated Microsoft message should originate from the Microsoft.com domain.

2) Link target URL

The link target URL in this message began with:

https://aeneid.clickarmor.ca/

An automated Microsoft message should link to a Microsoft.com domain.

Tip: If you have never received an automated that informs you of significant changes being made without advance notification, you should be suspicious. This message was trying to exploit a sense of panic when important email messages might have been unexpectedly deleted.

Remember to use the phishing tips and practice scenarios from Click Armor’s online course to improve your skills, and avoid the next real attack or internal test. You can go directly to a phishing challenge on the Click Armor platform by using the button at the top of this page.

Always check for suspicious elements:

• • • • Senders

      • Links

      • Attachments

      • Body content