    Fake 'Code of Conduct' Emails Are Stealing Work Passwords. How to Spot Them
    Cybersecurity
    Breaking
    2 min read


    Scammers are sending realistic-looking work emails about company policies to steal login credentials. Even two-factor authentication isn't always protecting victims.

    Source

    Microsoft Security Blog

    Original headline: Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Monday, May 4, 2026. Updated Monday, May 4, 2026.

    A new email scam is making the rounds that looks extremely convincing. Scammers are sending emails that appear to be from your employer about reviewing or signing a company code of conduct or policy document. The emails look legitimate because the attackers are using real email services and making the messages appear fully authenticated.

    When you click the link and try to log in, you are actually giving criminals your work password. This primarily affects people who work at companies or organizations that use Microsoft 365 for email and work tools. What makes this attack especially dangerous is that it can bypass even two-factor authentication in some cases.


    The scammers steal not just your password but also your active login session, giving them full access to your work accounts, emails, and files.

    1. Do not click any links in the email. Instead, go directly to your company's intranet or HR portal by typing the address yourself.
    2. Call your IT department or HR to verify whether they actually sent this request.
    3. Look at the sender's email address carefully. Hover over any links without clicking to see where they really go.
    4. If you already clicked a link and entered your password, change your work password immediately and contact your IT department right away.

    Make it a habit to never click links in unexpected emails, even if they look official. When in doubt, go directly to the website yourself or call to verify. Teach your family members who work from home or have work email on their phones to do the same. Scammers are getting better at making fake emails look real, so your best defense is to stop and think before clicking anything. If an email creates urgency or pressure to act quickly, that is often a red flag.
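Step 3 above (check where a link really goes before clicking) can be automated for people who help relatives or a small office triage suspicious mail. The following is an added example written for this summary, not code from Microsoft or GetCyberRight; it assumes a hypothetical list of company hosts (`TRUSTED_HOSTS`) and runs on a constructed email body modelled on the "code of conduct" lure described here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical hosts the employer actually uses (assumption for this example).
TRUSTED_HOSTS = {"intranet.example.com", "hr.example.com", "login.microsoftonline.com"}

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in the email body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html, trusted_hosts=TRUSTED_HOSTS):
    """Return (href, text, reason) for links a user should not click.
    A link is flagged when the visible text shows a different host than the
    link really goes to, or when the real host is not a trusted company host."""
    p = _LinkCollector()
    p.feed(html)
    flagged = []
    for href, text in p.links:
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([^/\s]+)", text)
        shown_host = shown.group(1).lower() if shown else None
        if shown_host and shown_host != host:
            flagged.append((href, text, f"text shows {shown_host} but link goes to {host}"))
        elif host not in trusted_hosts:
            flagged.append((href, text, f"{host or 'unknown'} is not a company host"))
    return flagged

# Constructed sample email body modelled on the scam described above.
SAMPLE_EMAIL = """
<p>Please review and sign the updated <a href="https://docs.example-review.net/sign">Code of Conduct</a> by end of day.</p>
<p>Or open it here: <a href="https://docs.example-review.net/sign">https://hr.example.com/conduct</a></p>
<p>Questions? Visit <a href="https://hr.example.com/help">HR portal</a>.</p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"DON'T CLICK: '{text}' -> {href}: {reason}")
```

The two flagged links are the ones a reader would miss by looking at the message text alone; the genuine HR link passes.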


    Curated from trusted cybersecurity sources by GetCyberRight
