Earlier this week, several Crowder employees received and reported a phishing email from no-reply@sharepointonline.com.  While the sending email address, no-reply@sharepointonline.com, is a legitimate address from which SharePoint can send emails, these emails were sent when a user with an Indonesia based email address shared files from personal SharePoint sites named Academic Planning and Academic Affairs. 

Below is a screenshot of one of the emails:

Please be cautious of emails like this, especially when unexpected.

Beyond being unexpected, there were several slight warning signs:

• Hovering over the Cc address revealed that it was Cc'd to AAffairss@smpmudasurabaya.sch.id, and not the Academic Affairs address. 
• At the bottom of the email, it indicates: "This email is generated through SMP MUHAMMADIYA 2 SURABAYA's use of Microsoft 365 ..."  
• Hovering over the "Open" link (and not clicking) reveals this is a personal SharePoint site and not our https://crowdermo.sharepoint.com/ site.

As always, please contact HelpDesk if you have clicked a hyperlink or attachment or replied to an email you now suspect of being phishing.  If you receive an email you are unsure of, please report it using the Phish Alert Button within Outlook.