We are seeing a lot of phishing attempts against Microsoft Outlook Web Access (Microsoft Outlook Web App (formerly known as Outlook on the Web or
Outlook Web Access) is a browser-based email client. Outlook Web App lets you access your Microsoft Exchange Server mailbox from almost any web browser. ) These sort of phishing attempts are much harder to protect against, because the OWA web address will not be a Microsoft website or any common site name but is normally a subdomain or part of your own company web domain. To make it harder, many companies do have numerous different email domains, so email messages might come from any of the company domains. To make it even more plausible, many companies have policies that insist on a user updating and changing their passwords every 30 or 60 or 90 days, so we all get blasé about the warning and don’t look carefully at the email sender or url on the page and just blindly enter the details because we keep getting told to do it.
