It’s taken a little while but the bad guys have taken to impersonating Office 365 billing statements like the one shown above. Unless you check REALLY closely you’d click on the links provided and get your machine infected with something evil like Cryptolocker.
As always, the best defence is to be careful when clicking links and downloading attachments inside emails, even if they look legit.
The average user really doesn’t stand a chance as I have highlighted many times:
Paranoia is therefore your best defense, so be paranoid, REALLY paranoid when it comes you emails wanting you to click something, even those that appear to come from Office 365!
CIAOPS 