Beware of this Office 365 Phishing Scam
Recently, a host of new Office 365 phishing scams has resurfaced. Phishing emails are widely used and remain one of the most successful ways cyber criminals gain access to business networks.
Industries like journalism, office administration, legal, marketing, sales and human resources have a higher risk when it comes to phishing emails because their position requires them to open links and engage with strangers.
This campaign of attacks has targeted government agencies, industrial organizations, financial firms, universities, and more. The phishing emails in the images below managed to get through reputable third-party email filters. All of the emails reference Office 365, which means Office 365 users are being targeted specifically.
How to Recognize the Scam
As a user, you are the last line of defense, so it's important to educate yourself about ways to recognize this scam.
Some of the signs to watch out for include:
- A warning that your PC is infected. The warning will typically tell you to call Windows support (or tech support, help desk, etc.) now at XXX-XXX-XXXX, but it will rarely say "Microsoft Support".
- The warning might be partial or full screen, but it will be difficult to close: clicking the close button (the X) will not let you exit the popup. You'll need to end the browser task via Task Manager to close the alert box.
- You might hear pre-recorded audio announcing the alert.
- These warnings have been reported on perfectly legitimate websites. They are usually harmless (as of now) unless you follow the instructions on the alert.
- Warning messages have been observed on all browsers and operating systems. Your pop-up blocker will not block these alerts. It’s best to clear your browser history after encountering one of these messages and follow that up with a virus scan.
- The best defense is user education, email filtering and multi-factor authentication (especially if you are using Office 365, since you're already paying for it!).
How this Scam Works
According to csoonline.com, this phishing campaign follows a pattern that begins with emails sent to collect logins for Office 365 accounts. Once credentials are harvested, the attackers turn to the victim's address book, which is often filled with business and personal contacts.
During the second stage of the attack, they use the first victim's existing relationships as an ice breaker, sending messages with informal subject lines like "FYI" so that recipients lower their guard and take action. The cycle then repeats with each new victim.
The harvested credentials are used to access anything the victim has access to, including cloud storage through OneDrive, SharePoint and Skype, so the potential for damage is great.
Below are actual screenshots of phishing emails targeting Office 365 users to give you an idea of what this scam looks like.
Or, learn more about what's included in a Network Security Assessment here.
Above All Else
If you see one of these warning notices or phishing emails, do not interact with it under any circumstances.
Do not call them, do not give them access to your PC, and do not give them your credit card information. If you did provide them with your payment details, the credit card company may decline the charge, but you'll still want to cancel your card since they now have your card number.
If you did grant them access to your PC, the affected machine should be evaluated for remediation or replacement.
When in doubt, give Ontech’s support team a call at 262-522-8560 or contact us online and we’ll gladly assist you. We can help you ensure that proper measures are taken so those emails don’t find their way into your inbox again.
Schedule a network security assessment
When you request a security assessment below, we'll contact you to schedule a complimentary introductory meeting to discuss the details of the assessment and how we can best assist you.
*This security analysis is not all-encompassing. However, the results of this analysis may prompt additional recommendations that are more focused on specific aspects of your environment, for example PCI and HIPAA audits, in-depth anti-virus testing, or a firewall/router audit.