Phishing is the fraudulent attempt to obtain your sensitive information. This includes info such as usernames and passwords to email accounts and credit card numbers. This is done by disguising as a trustworthy familiar contact and done via email.
HOW CAN IT AFFECT YOUR BUSINESS?
Immediate Financial Loss: The most common example we have seen is an email purported to be from your President asking you to purchase something on their behalf or to send an electronic payment to a 3rd party causing immediate financial loss. We have also seen examples where users are enticed into providing their valid username and password to a malicious website while thinking they are legitimately resetting or verifying their account. The criminal then uses your username and password to send emails from you requesting payments to be made on behalf of your company.
WHAT YOU NEED TO LOOK FOR?
Context is Key: If you see your boss, IT department or billing department asking you for sensitive information via a clickable link in an email, always first verify that the e-mail is legitimate and was sent by the entity sending it.
Mystery Package: If you are being prompted to open or download an attachment that you were not expecting, DO NOT Open or Run it.
Forms: Never provide your email/password or any other sensitive information via a clickable e-mail link unless you are completely certain it is a legitimate link. Even if the look and feel is legitimate, it is best to manually type in the website address that you know is real instead of using a provided link.
Always verify and validate: Be sensitive to the context of the email request and ask yourself if it sounds like what that contact would request. Before following through, always verify and validate with the original sender by phone or in person
Right click to check: Right click (or Press and Hold for mobile phones) on the hyperlink you are being directed to, take a look at the domain name and make sure it is authentic.
Advanced threat protection is an option that comes with Office 365 that could be of aid in filtering out suspicious correspondence.