If you currently have Office 365, watch out for fake request with a Subject of “Action required: Update your payment information now” and with sender: “Microsoft Online Services Team [email protected]”. Over the past few weeks I have received several of these emails which looks quite legitimate. Here is an example:
However, a quick review of the embedded URL shows this is spam if your email program didn’t already categorize it as such . The URL is no longer active but domain offene-tueren.net (22.214.171.124) tracked by ransomware tracker is associated with Locky malware.
Refer to a recent posting from Microsoft  that describes how Office 365 mitigates against phishing attacks. A valid message from Microsoft would look like item #2 “Microsoft account security code”.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.