The good and bad thing about the Internet is that we are all now pretty much connected to each other all the time. The growth in attacks by bad actors continues to expand and become ever more sophisticated.
One of the ways I have suggested that can help yourself be that little bit more secure is to brand your Microsoft 365 tenant. I wrote an article on how to do this:
Office 365 branding using Azure Resource Manager
Why this makes you a little bit more secure is that most phishing attacks are generic and take you to an unbranded, generic Microsoft 365 login page. Thus, having your own branding on your tenant will hopefully get users to stop and think before giving up their credentials to malicious sites. Yes, I know it is not fool proof, but every little bit helps.
It however, was only a matter of time before the bad actors worked out how to get around this as has now been brought to my attention.
As you can see from the above, I am getting my tenant branding displayed even though the URL is not for the Microsoft Online URL!
You can see the attack does have a flaw on a large screen as shown above, but I’m sure it will fool most people.
So, how can I make sure Microsoft knows about this? I can use my (real) Microsoft 365 Admin portal to report the URL.
I go to the Microsoft 365 Security Center and select Submissions from under the Threat Management section. You then select +New submission as shown.
You then simply complete the details for what you wish to tell Microsoft about and select the Submit button down the bottom.
You should get a confirmation like shown above.
You should then also be able to see your submission in the bottom of the screen. Just make sure you select the correct query options and results to see this.
You can read more about this at:
How to submit suspected spam, phish, URLs, and files to Microsoft for Office 365 scanning
Security it never an exact science. Attackers work hard to bypass barriers configured, so you should never be complacent. However, you should also share what you find with people like Microsoft to help them harden their systems against attack and thereby help others.
We are all in this together, so let’s work together to make it a safer place for all.
CIAOPS 
Very thhoughtful blog
LikeLike