These New Phishing Threats are Targeting Office 365 Users

Phishing remains the number one threat when it comes to the data security of businesses in New Jersey and other parts of the country. Hackers continue to evolve phishing and create ever more sophisticated attacks each year.

One of the latest phishing subsets is Office 365, with attacks that are specifically designed to steal user login credentials and get around standard email phishing and spam defenses.

25% of phishing attacks get past Office 365 security.

Why attack Office 365 users? There are a few different reasons. 

One is that Office 365 is now the most widely used cloud platform in the world by user count, so hackers are going where the users are.

Another reason is that Office 365 platforms hold a treasure trove of useful assets, including:

  • Documents containing sensitive information
  • Access to sending spam/phishing from a user email account
  • Access to more user credentials that could be sold on the Dark Web
  • Ability to impersonate a user to steal credentials from a higher permissions user or external contact

It’s important to know the tricks hackers are using in phishing targeted at employees in companies using Office 365 so you can properly warn your users and have them be on the lookout for threats.

Watch Out for These Office 365 Phishing Scams

Unfortunately, many of these new attacks are using methods designed to get past normal Office 365 threat security, making them particularly dangerous. For example, instead of attaching a file with malware, they’ll use a link to a OneDrive file that Microsoft’s security mechanisms won’t see as suspicious.

Awareness is important so that users know to question anything unexpected in their inboxes that may initially appear innocent.

Here are several Office 365 user-targeted threats to be on alert for.

The SharePoint File Sharing Email

If your organization (or one you work with, like a vendor) uses Office 365, it’s not unusual to receive SharePoint document file sharing links by email that give you permission to view or download a shared file.

But you should scrutinize these sharing invitations carefully, because this is a newer ploy that phishing scammers have been using.

The email masquerading as a file sharing invitation contains a OneDrive file link, which most users see as trusted, but once that link is clicked, it redirects the user to a webpage which contains what looks like an Office 365 login. But this is actually a spoofed form which sends your login credentials to the hacker.

Users should question where the sharing email came from and not click the link if it’s from an unknown party. Even if the email is from someone you know, if it’s unexpected, contact the sender to verify, as their account could’ve been hacked.

Direct Deposit Scam

An alarming scam that can cost companies and employees thousands of dollars is directed at those users in the human resources and/or accounting departments. This scam is usually a “step 2” after a hacker has gained access to an Office 365 user’s account.

They will send an email from the hacked employee’s email account requesting that their direct deposit bank account be changed and then fill out the necessary paperwork. Once they’ve hacked into a user account, a hacker can often access a company directory or corporate Wiki in Microsoft Teams that let them know which user to direct the pay request to.

The hacker will typically not make themselves know otherwise, and by the time the user figures out their payroll hasn’t come in and contacts the accounting department, the hacker has made off with at least one or two pay deposits.

Promise of Salary Increase Scam

In this scam users are targeted by emails claiming to be from the company Human Resources Department. The email includes an Excel spreadsheet with a file name such as “salary-increase-sheet-November-2019.” 

The email usually has a spoofed “from” email name to trick the user into thinking it’s coming from within their own organization. The Excel file format is also a tactic used to get people to trust the content because it’s a familiar Office document type.

But upon clicking the email, users are taken to a fake Office 365 login page which is designed to steal their credentials.

Microsoft Outlook Account Termination Scam

Phishing scammers often use fear to get users to take action before thinking. In one scam targeted against Office 365 users this comes in the form of a warning that their Outlook email account will be terminated.

This email will often use an automation that inserts the person’s first name to personalize the email and make it more believable. It will then say something along the lines of:

“Our records indicate that you recently made a request to terminate your account. You will lose all your emails associated with your account within 3 days. If you have no knowledge about the request process, kindly cancel the request below.”

The email will include a link to follow that takes the user to a page that is, like the other scams, designed to steal their Office 365 login credentials.

How Well Protected are Your Office 365 Accounts?

Today’s data security needs to cover both on-premises devices and cloud-based platforms like Office 365. Find out how well protected your data is by requesting a free security assessment from Technology Visionaries.

Schedule your free security assessment today by calling 732-587-5960 or using our contact form.