Copilot Hack: Scheduled Prompts Act as Your Helpful Assistant
Imagine having an assistant sort through all your unread emails, rank them from most important to least important and draft an initial reply. Sounds like a dream come true, right?
Hidden within Microsoft 365 Copilot is a neat feature called Scheduled Prompts, which automatically creates summaries, action lists, and drafts without you having to prompt it.
What else can Scheduled Prompts do?
We’ll first explain how to set up Scheduled Prompts, then we’ll provide some real-world examples of prompts you can use to make your day more efficient.
Note that you will need a Microsoft 365 Copilot Business license to use Scheduled Prompts to access your emails, Teams messages and other work data.
How to Set Up Scheduled Prompts
First, open the Copilot app. You can do this through the side panel in Teams or Outlook, through the Copilot app in Windows or on the Copilot website.
- Type your prompt.
- Once you submit your prompt, hover the cursor over your prompt and select “Schedule this prompt.” It’s the analog clock icon.
- You’ll see a pop-up box with several options:
  - Choose the start date and time.
  - Choose the frequency (daily, weekly, monthly).
  - Choose how many times this prompt will run.
  - Check the dialog box if you wish to receive an email each time the prompt is ready.


However, it wasn’t the client who sent the email about the new banking information; it was an attacker who had compromised the client’s account.
But that simple request to change banking details was enough for us to question its legitimacy.
Request to Change Banking Information is a Red Flag
For years, attackers have compromised vendor accounts and requested changes to banking information to receive payments. If anyone asks for a change to banking information over email, it’s a red flag.
What’s different about this specific attack is they didn’t make this request out of the blue. It was during an ongoing discussion that had spanned several emails, and the attacker found an opportunity to subtly strike.
The account compromise likely occurred months ago, and the attacker set up a rule to send a banking change email whenever there was any mention of account numbers.
Additionally, there was no shift in tone from the other emails sent. Generally, phishing emails contain:
- A sense of urgency
- Bad grammar
- Uninitiated messages
This email had none of those major red flags you usually spot in a phishing attack.
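Because the message itself gave nothing away, the mailbox is the place to look: the suspected rule keyed on account numbers would show up in an audit of inbox rules. The following is an added example, not code from this article or from Microsoft; it reviews a JSON export shaped like Exchange Online `Get-InboxRule` output, and the keyword list, folder list, tenant domain and sample rules are assumptions constructed for illustration.

```python
import json
import re

# Assumptions for this example: keyword list, folder list, tenant domain.
FINANCE_RE = re.compile(r"\b(account number|routing|ach|wire|bank|invoice|"
                        r"payment|direct deposit|refund)\b", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
CONDITIONS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")
SENDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history", "deleted items"}
INTERNAL_DOMAINS = {"cpa-firm.example"}

def as_list(value):
    """ConvertTo-Json yields null, one string, or a list; normalise to a list."""
    return [] if value is None else [value] if isinstance(value, str) else list(value)

def review_rule(rule):
    """Return (severity, reasons); severity None means nothing to look at."""
    words = [w for f in CONDITIONS for w in as_list(rule.get(f))]
    keyed = sorted({w.lower() for w in words if FINANCE_RE.search(w)})
    external = sorted({m.group(0).lower() for f in SENDS
                       for target in as_list(rule.get(f))
                       for m in EMAIL_RE.finditer(target)
                       if m.group(1).lower() not in INTERNAL_DOMAINS})
    hides = bool(rule.get("DeleteMessage")) or (
        (rule.get("MoveToFolder") or "").lower() in HIDING_FOLDERS)
    reasons = []
    if keyed:
        reasons.append("condition keyed on payment terms: " + ", ".join(keyed))
    if external:
        reasons.append("sends mail outside the tenant: " + ", ".join(external))
    if hides:
        reasons.append("deletes or buries matching mail")
    severity = "high" if keyed and (external or hides) else "review" if external or hides else None
    return severity, reasons

def audit(export_json):
    """Map rule name -> (severity, reasons) for each enabled, flagged rule."""
    rules = [r for r in json.loads(export_json) if r.get("Enabled", True)]
    return {r["Name"]: review_rule(r) for r in rules if review_rule(r)[0]}

# Constructed sample rules, not data from the incident described here.
SAMPLE = json.dumps([
    {"Name": "Filter 1", "Enabled": True, "SubjectOrBodyContainsWords": ["account number", "ACH"], "MoveToFolder": "RSS Feeds"},
    {"Name": "Vendor invoices", "Enabled": True, "SubjectContainsWords": "invoice", "MoveToFolder": "Invoices"},
    {"Name": "Copy to personal", "Enabled": True, "ForwardTo": ['"Me" [SMTP:me@mail.example]']},
])
if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

A rule that only files invoices into a visible folder is left alone; the combination of payment keywords with hiding or external forwarding is what gets the "high" rating.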
When trying to determine if an email is legitimate, ask yourself these four questions:
- Did the message arrive unexpectedly?
- Is it the first time the sender has asked you to perform the requested action?
- Does the request include a stressor, such as “you need to do this now”?
- Can performing the request harm your interests?

If you answer “yes” to all these questions, you should go out of your way to confirm the request is legitimate. In this instance, we could only answer “yes” to No. 4.
Our CPA firm sometimes issues refunds to clients, so it’s not unusual to see this request.
Key Takeaway and How to Protect Yourself
Your organization shouldn’t rely on email alone for any banking or direct deposit changes.
Instead, you should:
- Verbally verify any change to ACH, refunds or direct deposit information
- Call the client or employee using a known phone number (not one provided in an email)
Emails can serve as documentation, but they cannot serve as verification.
It might seem silly to call someone you’ve been corresponding with over email to verify a request, but extra time to confirm could save your organization from a nightmare scenario.
Stay Alert, Stay Secure
We avoided a major catastrophe, but you might not.
Unfortunately, email compromises happen weekly. Even well-trained teams can miss them because there are sometimes no visible warning signs.
Not sure if your current processes would catch this attack? Contact us to request a security assessment, during which we’ll identify gaps in your company’s protection.
