The Administrator does his due diligence and determines the message to be malicious in origin. The e-mail contains a link to a webpage that appears to be the Office 365 login page. Imagine this scenario that System Administrators are more commonly being faced with: An end user forwards along an e-mail inquiring about its legitimacy.
