Cyber criminals are carrying out a new, highly customized and targeted spear-phishing campaign to steal your Office 365 users' credentials and attack organizations internally.
Read on to stay informed.
This new spear-phishing attack relies on an old, familiar method in which hackers send emails that purport to be from trusted sources, duping you into disclosing sensitive information. In this particular attack, the email messages are admirably well-crafted, making them even harder to spot.
The emails are also free of the usual telltale signs such as misspelled words, suspicious attachments, and dubious requests. You might have to recalibrate what you know about phishing scams, because this new threat ticks all the boxes that make it look legitimate.
The hackers behind the attack craft personalized messages, pretending to be from trusted sources, such as your colleagues or Microsoft itself, and send them to your inbox. The messages could contain a link or a PDF file that leads to a legitimate-looking landing page. Upon clicking the link, the user will be prompted to enter his or her credentials, which the hacker will use to launch attacks within the organization.
Once they gain control of your account, they might set up new forwarding rules to monitor your communication patterns, which will be useful for their future attacks. They might even use your account to send further phishing emails to your co-workers to collect more sensitive information.
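One way to check mailbox audit records for the forwarding rules described above, as an added example that is not part of the original article. It assumes records exported one JSON object per line in a simplified form of the Microsoft 365 audit record; the sample records, addresses and the internal domain example.com are constructed.

```python
import json

# Exchange Online audit operations that create or change mail forwarding.
FORWARDING_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
# Cmdlet parameters that send copies of mail to another address.
FORWARDING_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo",
                     "ForwardingSmtpAddress"}

# Constructed sample records; example.com is the assumed internal domain.
SAMPLE_LOG = [
    '{"CreationTime":"2024-01-10T08:01:00","Operation":"UserLoggedIn","UserId":"ana@example.com"}',
    '{"CreationTime":"2024-01-10T08:03:00","Operation":"New-InboxRule","UserId":"ana@example.com",'
    '"Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"smtp:collect@example.net"}]}',
    '{"CreationTime":"2024-01-10T09:15:00","Operation":"New-InboxRule","UserId":"ben@example.com",'
    '"Parameters":[{"Name":"MoveToFolder","Value":"Invoices"}]}',
    '{"CreationTime":"2024-01-10T10:20:00","Operation":"Set-InboxRule","UserId":"cal@example.com",'
    '"Parameters":[{"Name":"ForwardTo","Value":"dan@example.com;archive@example.org"}]}',
    '{"CreationTime":"2024-01-10T11:45:00","Operation":"Set-Mailbox","UserId":"eve@example.com",'
    '"Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:eve.backup@example.net"}]}',
]

def domain_of(address):
    """Return the lower-cased domain of an address such as 'smtp:a@b.com'."""
    return address.strip().lower().rsplit("@", 1)[-1] if "@" in address else ""

def find_external_forwarding(lines, internal_domains):
    """Return one finding per forwarding target outside internal_domains."""
    findings = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("Operation") not in FORWARDING_OPS:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") not in FORWARDING_PARAMS:
                continue
            # A rule may list several recipients separated by ';'.
            for target in param.get("Value", "").split(";"):
                dom = domain_of(target)
                if dom and dom not in internal_domains:
                    findings.append({"time": rec.get("CreationTime"),
                                     "user": rec.get("UserId"),
                                     "operation": rec["Operation"],
                                     "parameter": param["Name"],
                                     "target": target.strip()})
    return findings

if __name__ == "__main__":
    for f in find_external_forwarding(SAMPLE_LOG, {"example.com"}):
        print(f["time"], f["user"], f["operation"], f["parameter"], "->", f["target"])
```

Forwarding to a colleague inside the organization is not flagged, so the output is limited to rules that move mail outside the listed domains and can be reviewed with the mailbox owner.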
As for the phishing emails with PDF attachments, there will be instructions to fill in a username and password to view the document. And once you do, your account is no longer yours.
Another way they can get your credentials is by sending an invoice that requires you to log on to a web portal to view the file. Attackers can also use this technique to trick you into performing a certain action, such as forwarding sensitive information or paying an invoice.
Identifying phishing emails and planning and implementing a robust defense system are ways to protect you and your organization against the new Office 365 threat. For tips on how to spot this type of scam and how to plan thorough security practices, contact our experts today.