This is scary stuff, but the real question is: "What can I do about it?"First, there are some clues in the email itself. When I hover over the link, I see that the URL starts with “http://” instead of “https://.” A real OWA webpage would almost certainly use an encrypted “https” connection. The site also doesn't have the company name in the domain: it's just an IP address. That's a big red flag as well. However, many phishers know that vigilant employees will look for these issues, and configure the malicious website to use an encrypted connection, and register a domain name that might trick employees if they don't look closely, such as “https://rax1s.com” or “https://raxls.com.” Make sure you look closely at the link!If you find an email strange or unexpected in any way, ask about it. Most companies are concerned with phishing and would much prefer that you ask IT if an email is real rather than clicking on the link. Some companies have phone numbers, email addresses or websites that allow you to report a suspicious email. If not, give your IT helpdesk a call or forward the email to them asking them to check. Have you ever received an email from IT notifying you that you may have received a phishing email and asking you to delete it? Someone likely reported it in time for IT to nip it in the bud, thwarting the attacker.What if you clicked on the link in the email and then became suspicious of the website? This is dangerous, as webpages are far more likely than emails to host malicious files that may not be caught by company controls. Immediately report the email and the fact that you clicked on the link to your IT department. They will likely be grateful that you told them quickly so that they can check for and mitigate any threat. Never enter credentials or other private information on a suspicious website until you get the official go ahead. In past customer phishing campaigns, I have listed my phone number on the website saying that they can call to confirm that the site is legitimate. Never trust the email or the webpage! Contact your IT department in ways that you know internally before trusting the site. If you call the phisher during a phishing campaign, they will definitely confirm that you should enter your credentials on the site!

Next Steps If You Fall for the PHISH

So what happens next if you entered your credentials, or even clicked on the malicious link on the error page?

Step 1: Report the Phish and Your Actions

First of all, I'll repeat it again, contact your IT department. They may have a process, and they need to get started as soon as possible. The sooner you tell them, they more able they will be to contain the threat.

Step 2: Change Your Password