🚨 Security Guidance: Avoiding Phishing & Adversary-in-the-Middle (AiTM) Attacks

We’ve seen a rise in phishing campaigns that use tools like “Axios” or similar to trick users into giving away their Microsoft 365 credentials. These are called Adversary-in-the-Middle (AiTM) attacks — attackers create fake Microsoft login pages that look real but secretly capture your username, password, and even your MFA codes.

This is especially a risk for those of us who:

  • Travel often and sign in from hotels, airports, or coffee shops

  • Handle a large number of customer emails and shared document links daily

Here’s how to protect yourself:


1. Always Check the Link Before You Click

  • Hover your mouse over any link in an email before clicking.

  • Official Microsoft 365 logins should only ever start with:

  • If the link looks strange, has extra words, or doesn’t match Microsoft’s domains — don’t click it.
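The hover check above, done mechanically, as an added example that is not part of this guidance: it extracts the host a browser would actually connect to and flags the tricks a quick glance at a tooltip tends to miss (a trusted name used as a subdomain prefix, a trusted name placed before an "@", plain http, bare IP addresses, punycode lookalikes). The two trusted hosts and the sample links are assumptions made for this example; the authoritative list is the one in the guidance.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumed allowlist for this example only; the sign-in domains listed in the
# guidance are the authoritative ones for your tenant.
TRUSTED_LOGIN_HOSTS = ("login.microsoftonline.com", "login.microsoft.com")


def classify_link(url: str) -> tuple:
    """Return (verdict, reason) for a sign-in link; verdict is 'ok' only
    when the browser would connect exactly to a trusted host over https."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    if scheme != "https":
        return "suspicious", f"scheme is '{scheme or 'none'}', not https"
    if not host:
        return "suspicious", "no host name in link"
    # Anything before '@' is userinfo; the part after it is the real host.
    if parts.username is not None:
        return "suspicious", f"text before '@' hides the real host {host}"
    try:
        ipaddress.ip_address(host)
        return "suspicious", "link goes to a bare IP address"
    except ValueError:
        pass
    # Punycode labels can render as lookalike characters in a tooltip.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", f"internationalised host {host}, possible lookalike"
    if host in TRUSTED_LOGIN_HOSTS:
        return "ok", f"host is exactly {host}"
    # e.g. login.microsoftonline.com.docs-share.example: trusted name as a prefix
    for trusted in TRUSTED_LOGIN_HOSTS:
        if trusted in host:
            return "suspicious", f"'{trusted}' is embedded in {host}, not the host itself"
    return "suspicious", f"{host} is not a Microsoft sign-in host"


# Constructed sample links (.example domains are reserved, not real sites).
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "https://login.microsoftonline.com.docs-share.example/Document.pdf",
    "https://login.microsoftonline.com@docs-share.example/",
    "http://login.microsoftonline.com/",
    "https://203.0.113.10/login",
]


def review_links(links=SAMPLE_LINKS) -> list:
    """Classify each link; returns [(url, verdict, reason), ...]."""
    return [(u, *classify_link(u)) for u in links]
```

Only the first sample link is reported as "ok"; each of the others is flagged with the reason it fails the check.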


2. Don’t Trust “Shared Document” Emails Blindly

  • Attackers often send fake “Someone shared a document with you” messages.

  • Instead of clicking the email link, go directly to:

    • OneDrive / SharePoint / Teams via your normal apps or Office.com.

  • If the document is real, you’ll find it there.


3. Protect Your Credentials

  • Never enter your Microsoft 365 password into a site reached from an unusual or unexpected email.

  • If you’re unsure, stop and contact IT before entering anything.

  • Do not reuse passwords from other websites.


4. Use MFA Correctly

  • If you get an MFA prompt unexpectedly (you’re not actively signing in) — do not approve it.

  • Report it to IT immediately. This could mean someone is trying to use your stolen credentials.


5. Traveling? Stay Secure

  • Avoid logging in from public WiFi (airports, hotels, cafes) without a VPN.

  • When traveling, let IT know your city/state so unusual login locations don’t trigger false alarms.

  • Be extra cautious about emails while traveling — attackers know road warriors are more distracted.


6. Signs You May Have Been Compromised

  • Unexpected password resets or MFA prompts

  • Emails sent from your account that you didn’t write

  • New rules in Outlook (e.g., forwarding all mail to another address)

  • Microsoft login page that “flickers” or reloads multiple times before logging you in (a sign of AiTM proxying your session)

If you notice any of these, contact IT immediately.


7. What to Do If You Slip Up

  • If you think you accidentally entered your credentials into a bad link:

    1. Call IT right away.

    2. Change your Microsoft 365 password immediately.

    3. We’ll help review your mailbox for suspicious activity and secure your MFA.


✅ Bottom Line: Slow down before you click. If in doubt, don’t log in — ask IT. Protecting your credentials protects not only you, but also our customers and company data.
