If you are receiving a mail stating that your password has been compromised or a notification stating your account will be deleted, there is high probability that the mail is a spam mail.Microsoft Office365 never asks you for your user credentials nor it sends you emails stating that your password has been compromised or your account will be deleted.Ways to identify a spam/phishing mail 

1. Never open or download attachments unless you know what they are.
If you don't know the sender, can't trust a link, or otherwise feel like an email may be spam, do not open any attachments. This is the quickest way to a virus.

2. Hover over the links in your email to see if they are pointing to the right destination.

3. Avoid any requests for personal information. This is known as phishing, when a criminal pretends to be from a reputable site or organisation , that has to "update user information," or needs you to sign in "immediately." In general, if the email asks for immediate action or personal information, it is phishing and should be ignored.

  • One of the most common subject lines, "Problem with your Account" is almost always phishing. If you had a problem, it will tell you when you log on to the account.

Below are a few examples of how a spam mail looks like:

There is an advance feature which can be added additionally per user based subscription called Exchange Online advanced threat protection.Exchange online advanced threat consist of two parts safe links protection which protects links and safe attachments protection which protects attachments.

How ATP(Advanced Threat Protection)safe links protection works for hyperlinks in email (hosted in Office 365) & Office applications (Word, Excel, PowerPoint, and Visio) on Windows:

  • People receive email messages that contain hyperlinks.
  • Email arrives in people's inboxes.
  • The user opens an email message, and then clicks on a hyperlink in the email message.
  • The ATP safe links feature immediately checks the link before opening the website. The link is identified as blocked, malicious, or safe.
  • If the link is determined to be safe, the user goes to the website.

Similarly for the Attachments that you receive in your mailbox.It is not obvious to whether that attachment is safe or actually contains malware designed to steal the  user credentials.

User receives an email message that has an attachment. You will receive the mail with the message body first and the attachment is reattached to the mail after scanning is complete.If found malicious is send to the admin.

Note: You can add Advanced Threat Protection to the following Exchange and Office 365 subscription plans: Exchange Online Plan 1, Exchange Online Plan 2, Exchange Online Kiosk, Exchange Online Protection, Office 365 Business Essentials, Office 365 Business Premium, Office 365 Enterprise E1, Office 365 Enterprise E2, Office 365 Enterprise E3, Office 365 Enterprise E4, Office 365 Enterprise K1, Office 365 Enterprise K2, Office 365 Education

How Office365 ATP works:

Step 1: You open a Phishing mail and click on any unsecure link.

Step 2: You'll be taken to a page which states this site is classified as Malicious.