Watch out for the Phish!
Warning Office 365 users.
Here is a great example of a fraudulent and fake email attempt to gain access to your Office 365 account. The subject line and even the body of the message look somewhat authentic.
Here is how to spot the fake:
1. The actual sending email address is This email address is being protected from spambots. You need JavaScript enabled to view it. This is certainly not a valid Microsoft address. More than likely, this is a real address that was compromised.
2. Microsoft / Office 365 does not send out notices for passwords that are about to expire. If your Office 365 account is configured to require password changes, then you will be notified when you log in.
3. Take note of the verbiage: We recommend that you "Validate". There is no reason in the English language for the quotes or the capitalization. This is more esoteric, but the language/syntax is just not quite right.
4. If you check the link of the validate button, you find: durasp-usa-cc/m1soft/ in the link. Definitely not Microsoft, and should not be followed/clicked.
Always be suspicious of incoming emails, and always be diligent.