Beware of this Office 365 Phishing Scam
Industries like journalism, office administration, legal, marketing, sales and human resources are at higher risk from phishing emails because those roles require opening links and attachments from strangers.
This campaign has targeted government agencies, industrial organizations, financial firms, universities, and more. The phishing emails shown in the images below got past reputable third-party email filters. All of them reference Office 365, so Office 365 users are being targeted specifically.
Some of the signs to watch out for, particularly in the browser pop-up variant of the scam, include:
- A warning that your PC is infected. It typically says to call Windows support (or tech support, help desk, etc.) now at XXX-XXX-XXXX, but it will rarely say “Microsoft Support”.
- The warning may be partial or full screen, but it is hard to close: clicking the close button (the X) will not dismiss it. You will need to end the browser task from Task Manager to get rid of the alert box.
- You might hear pre-recorded audio announcing the alert.
- These warnings have been reported on perfectly legitimate websites. They are usually harmless (as of now) unless you follow the instructions on the alert.
- Warning messages have been observed on all browsers and operating systems, and pop-up blockers do not stop them. After encountering one, clear your browser history and follow that up with a virus scan.
- The best defense is user education, email filtering and multi-factor authentication (especially if you use Office 365, where MFA is included in what you are already paying for).
How this Scam Works
According to csoonline.com, this campaign follows a pattern. It starts with emails designed to collect Office 365 logins. Once credentials are captured, the attackers mine the victim’s address book, which is often full of business and personal contacts.
In the second stage, they use the first victim’s existing relationships as an ice breaker, emailing those contacts with informal subject lines like “FYI” so that recipients lower their guard and take action. Each new set of stolen credentials feeds the next round, and the cycle repeats.
The harvested credentials also grant access to everything the victim can reach: cloud storage in OneDrive, SharePoint sites, Skype. The potential for damage is great.
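The property that makes this campaign hard to filter is that the second-stage lures come from a real, known contact, so sender reputation tells you nothing; what gives the message away is where its link actually goes. The script below is an added example, not code from the original post or from csoonline.com. It scores constructed sample messages on that basis: Office 365 themed text whose links point to a host Microsoft does not own, plus the terse subject lines the campaign favours. The allowlist in $MicrosoftHosts and the subject list are assumptions for illustration, not authoritative lists.

```powershell
# Added example, not code from the original post: a triage heuristic for the
# lure described above, run over constructed sample messages. $MicrosoftHosts
# is an assumed allowlist for illustration, not a complete list of Microsoft domains.

$MicrosoftHosts = @(
    'microsoft.com', 'microsoftonline.com', 'office.com', 'office365.com',
    'sharepoint.com', 'onedrive.com', 'live.com', 'outlook.com'
)
# Short, context-free subjects the campaign leans on to look like a colleague's note.
$TerseSubjects = @('fyi', 're:', 'fw:', 'document', 'shared file', 'see attached')
$LurePattern   = 'office\s?365|onedrive|sharepoint|outlook|mailbox|password|sign\s?in'

function Get-UrlHost {
    # Emits the lower-cased host of every http(s) URL found in $Text.
    param([string]$Text)
    foreach ($m in [regex]::Matches($Text, 'https?://[^\s"<>]+')) {
        try { ([uri]$m.Value).Host.ToLowerInvariant() } catch { }
    }
}

function Test-MicrosoftHost {
    # True when $HostName is one of the allowlisted domains or a subdomain of one.
    param([string]$HostName)
    foreach ($d in $MicrosoftHosts) {
        if ($HostName -eq $d -or $HostName.EndsWith(".$d")) { return $true }
    }
    return $false
}

function Test-Office365Lure {
    # Scores one message. The decisive signal is Office 365 themed text whose
    # links point somewhere Microsoft does not own; a terse subject and a
    # Reply-To that differs from From add weight but are not enough alone.
    param($Message)
    $reasons  = @()
    $themed   = "$($Message.Subject) $($Message.Body)" -match $LurePattern
    $offHosts = @(Get-UrlHost $Message.Body | Where-Object { -not (Test-MicrosoftHost $_) })
    if ($themed -and $offHosts.Count -gt 0) {
        $reasons += "Office 365 themed text links to non-Microsoft host: $($offHosts -join ', ')"
    }
    if ($TerseSubjects -contains $Message.Subject.Trim().ToLowerInvariant()) {
        $reasons += "terse subject '$($Message.Subject)'"
    }
    if ($Message.ReplyTo -and $Message.ReplyTo -ne $Message.From) {
        $reasons += "Reply-To ($($Message.ReplyTo)) differs from From"
    }
    [pscustomobject]@{
        From       = $Message.From
        Subject    = $Message.Subject
        Suspicious = ($themed -and $offHosts.Count -gt 0) -or ($reasons.Count -ge 2)
        Reasons    = ($reasons -join '; ')
    }
}

# Constructed samples: one lure sent from a (compromised) colleague's real
# address, one legitimate SharePoint share, and one ordinary internal note.
$samples = @(
    [pscustomobject]@{
        From = 'alice@example.com'; ReplyTo = $null; Subject = 'FYI'
        Body = 'Please review the document I shared with you on Office 365: http://office365-docs.example.net/login'
    },
    [pscustomobject]@{
        From = 'no-reply@sharepointonline.com'; ReplyTo = $null; Subject = 'Alice shared "Q3 plan" with you'
        Body = 'Open: https://contoso.sharepoint.com/:w:/s/plans/abc123'
    },
    [pscustomobject]@{
        From = 'bob@example.com'; ReplyTo = $null; Subject = 'Lunch tomorrow?'
        Body = 'Menu is at https://www.example.org/menu'
    }
)

$samples | ForEach-Object { Test-Office365Lure $_ } | Format-Table -AutoSize
```

Only the first sample is flagged: it is Office 365 themed and links to office365-docs.example.net, which is outside the allowlist. The genuine SharePoint share links to a sharepoint.com subdomain and passes, and the lunch note has an off-Microsoft link but no Office 365 theme. A heuristic like this belongs in a transport rule or a mail-security product's custom rule, and the allowlist needs maintaining as Microsoft adds domains.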
Below are actual screenshots of phishing emails targeting Office 365 users to give you an idea of what this scam looks like.
Above All Else
If a user entered their credentials, treat the account as compromised and evaluate remediation or replacement options: reset the password, revoke active sessions, review inbox rules and mail forwarding for anything the attacker added, and check what the account was used to send so that the contacts who received the second-stage “FYI” emails can be warned.
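The following script is an added example, not Ontech’s or Microsoft’s own runbook, of the first-response steps listed above for an Office 365 account whose owner entered their password on a phishing page. It assumes the Microsoft.Graph and ExchangeOnlineManagement PowerShell modules, an operator with rights to reset passwords and manage mailboxes, and that the Graph scopes named below are sufficient in your tenant (an assumption; some tenants require an admin role assignment instead). $Upn is a placeholder for the affected user.

```powershell
# Added example, not code from the original post: first-response steps for an
# Office 365 account whose owner entered their password on a phishing page.
# Assumes the Microsoft.Graph and ExchangeOnlineManagement modules and an
# account with the rights to reset passwords and manage mailboxes; $Upn is a
# placeholder for the affected user and the Graph scopes are an assumption.
param([Parameter(Mandatory)][string]$Upn)

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Directory.AccessAsUser.All'
Connect-ExchangeOnline

# 1. Lock the attacker out: new random password, forced change at next sign-in,
#    and revoke every existing session so already-issued tokens stop working.
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = New-Object byte[] 24
$rng.GetBytes($bytes)
$tempPassword = [Convert]::ToBase64String($bytes)
Update-MgUser -UserId $Upn -PasswordProfile @{
    Password                      = $tempPassword
    ForceChangePasswordNextSignIn = $true
}
Revoke-MgUserSignInSession -UserId $Upn | Out-Null

# 2. Inbox rules: attackers commonly add rules that delete, hide or forward mail
#    so the victim never sees replies or bounces. Review before disabling.
Get-InboxRule -Mailbox $Upn |
    Format-Table Name, Enabled, ForwardTo, RedirectTo, DeleteMessage, MoveToFolder -AutoSize
# Disable-InboxRule -Mailbox $Upn -Identity '<rule name you do not recognise>'

# 3. Mailbox-level forwarding, which is set outside the rules engine.
Get-Mailbox -Identity $Upn |
    Format-List ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
Set-Mailbox -Identity $Upn -ForwardingAddress $null -ForwardingSmtpAddress $null `
    -DeliverToMailboxAndForward $false

# 4. Scope the second stage: who received mail from this account recently.
#    Message trace only reaches back about ten days.
Get-MessageTrace -SenderAddress $Upn -StartDate (Get-Date).AddDays(-10) -EndDate (Get-Date) |
    Select-Object Received, RecipientAddress, Subject, Status |
    Sort-Object Received | Format-Table -AutoSize

# 5. Audit trail: sign-ins and mailbox changes, with the client IP unpacked
#    from the JSON AuditData field so attacker logins can be separated from
#    the user's own.
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
    -UserIds $Upn -Operations 'UserLoggedIn', 'New-InboxRule', 'Set-InboxRule', 'Set-Mailbox' |
    ForEach-Object {
        $d = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            Time      = $_.CreationDate
            Operation = $_.Operations
            ClientIP  = $d.ClientIP
            Result    = $d.ResultStatus
        }
    } | Format-Table -AutoSize
```

Save it as a .ps1 file and run it with -Upn for the affected account; hand the temporary password to the user out of band. Step 4 is what tells you who to warn: every recipient in that trace may have received the same “FYI” lure and should be told not to act on it. Once the account is clean, turn on multi-factor authentication for it if that has not already been done, since a reset alone does not stop the next successful phish.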
When in doubt, give Ontech’s support team a call at 262-522-8560 or contact us online and we’ll gladly assist you. We can help you put the right measures in place so those emails don’t find their way into your inbox again.
Ready To Talk?
A quick 10-minute call is all it takes to see if we’re a good fit. If we aren’t for whatever reason, we’ll point you in the right direction.