Major scam alert to all Office 365 users:
Phishing campaigns are using fake voicemails and phony emails "from" Microsoft to target unassuming companies and breach their network systems.
There are several things you and your organization should do to protect yourself against this scam, which according to McAfee researchers has targeted companies at all personnel levels and has impacted a range of industries including:
Among these important self-protection steps are: educating all users about this scam and (first and foremost) utilizing best-practice techniques to avoid security breaches.
Here's a basic rundown of how this Office 365 scam works:
First, pop-up warnings or spurious emails (usually containing Microsoft's logo, a link, and/or a HTML attachment) show up, telling the recipient that their computer has been infected or that they've missed a call from such-and-such person or phone number. Information such as caller ID, date, call duration, and references numbers may be included in the email.
Whatever the specific message actually is, the overall intent of this email is to get the recipient to contact the scammers (by engaging with links and following any instructions provided) and give them login information related to their Office 365 account. By providing scammers with their credentials, the attackers can gain access to the recipient's email contact lists and other sensitive data that the recipient normally has access to, including cloud storage data.
The team of McAfee researchers studying and reporting on the Office 365 scam has determined that attackers are using phishing kits purchased on the underground market in order to carryout this scam. One phishing kit is even called Voicemail Scmpage 2019—subtle, right?
How can you fully protect yourself against a potential threat if you don't know how to recognize it? Here are a few major signs that may indicate the presence of the Office 365 scam:
As Office 365 scams pop up their ugly heads again, it's important that you take necessary steps to protect your company against them. To this end, here area few important steps to keep in mind:
Boost your confidence, confidentiality, company, and customer experience with the help of our team at Integrity Technology Solutions. Contact us today to learn more about our services and find out how we can help you make sense of security in a rapidly evolving digital world.
Photo by Johny vino on Unsplash