Phishing is a sort of attack in which you are tricked into supplying sensitive information in response to a fake message containing malicious links. Phishing is when a fraudster convinces you to do anything that provides them access to your devices, accounts, funds, or confidential information.
Microsoft revealed that there had been a growth in recent phishing email campaigns that use redirecting links combined with CAPTCHA and legitimate appearances, targeting Office 365 accounts. As Office 365 is one of the most widely used cloud business services, threat actors target Office 365 users to extract sensitive information to penetrate business organizations and access their information systems.
Modus Operandi of The Latest Office 365 Attack(s)
The latest attacks are designed to trick users by appearing to have come from Microsoft’s official sources. For instance, some ask you to review spam messages along with a link. The link, once clicked, redirects you to another page that looks like Microsoft’s Security Center and asks you to enter your login credentials. Subsequently, the site sends your login information to the mastermind of the phishing attack.
Latest Attacks Sophisticated And Dangerous: Says Microsoft
Microsoft’s Security Intelligence provided a deep look at the hazard these crafty phishing emails can cause your organization as these are more sophisticated than regular phishing attacks. You can recognize these phishing emails with the below-mentioned three main attributes:
- Referrals: The phishing email’s address uses many domains, including “.com” and usage of the word “referral” and its synonyms.
- SharePoint lure: The phishing emails use a supposed file share request with a malicious link.
- Dual URLs: The phishing emails contain multiple URLs pointing to Google storage resources. The second URL is hidden between notification settings and redirects you to a SharePoint page. Both these URLs require user logins.
The complicated structure and the social appearance of regular and trustworthy web pages make this particular phishing campaign’s attacks fatal in a large BEC (Business Email Compromise) phishing scheme. These attacks target high-level accounts and administrative emails.
With such planned and sophisticated phishing emails on the rise, your organization must implement the best anti-phishing solutions and anti-malware to prevent them.
Examples of Recent Phishing Attacks Involving Office 365 Users
Here are a couple more examples of how threat actors are leveraging phishing to target office 365 users:
Phishing Attacks on the US Universities
Threat actors are sending malicious phishing emails providing information on the Omicron variant of Covid-19, testing for the same, and changes in lecture schedules to US University students. The phishing link redirected students to a crafty login page designed with the theme of their university to get access to students’ login credentials. These pages also included fake MFA (Multi-factor authentication) verifications to take over the student accounts.
Phishing Attacks Targeting Financial Executives
Area1 Security’s report revealed how Microsoft Office 365 phishing emails target financial departments and C-suite employees. These phishing emails included malicious emails designed as Microsoft service updates, paired with Microsoft-themed sender addresses and attached ransomware files. These emails contained phishing links that redirected to policy upgradation pages, including the organization’s name, email, and logo, asking to apply the security update, which required login. The phishing emails also contained HTML and HTM attachments that loaded the fake web pages using Javascript’s escape functions.
How Can You Protect Your Organization Against Such Phishing Attacks?
There are numerous ways your organization can ensure email phishing protection. Some of these ways include:
Recognizing phishing emails
Phishing emails can be identified as they have some peculiar aspects. You can recognize phishing emails as they usually contain unusual links, use domain spoofing (using a name similar to commonly accessed domains), and use duplicate templates of official messages or emails you might have previously received. As discussed above, the latest Office 365 phishing emails contain referrals, SharePoint lures, and dual malicious links easily identifiable if you are cautious.
Training employees
Identifying phishing emails and malicious links extend to the organization’s employees as they use emails more in their daily tasks. Educate employees on spotting phishing emails by checking for spelling mistakes, infrequent senders, generic greetings, and suspicious attachments. Furthermore, reporting fake links or clients and holding awareness sessions that provide insight into anti-phishing and anti-ransomware solutions and their needs provide an additional defense against phishing emails.
Browser Add-ons
With advanced cybercrimes, defenses against them are also getting sophisticated. Your organization can certainly benefit by including browser add-ons of anti-phishing solutions for additional protection. Several anti-phishing toolbars are available that can identify and mark phishing emails your organization receives.
Office 365 Advanced Threat Protection
Microsoft’s Security Intelligence team also summarized how Microsoft Defender for Office 365 could detect and block these latest Office 365 phishing emails. Your organization will benefit by adding Microsoft’s Anti-phishing protection with Windows Defender. It provides Spoof Intelligence, Tenant Allow/Block List, Implicit Email Authentication, Anti-phishing Policies, Attack Simulation Training, among other crucial safety measures against phishing emails.
Final Words
While cybercrimes and Office 365 targeted phishing attacks rise, the tactics listed above provide a solid defense against them. These methods can help secure sensitive and business-critical data from deliberate and accidental breaches. Protection against the growing phishing email threat needs to be a priority for your organization so as not to let data breaches caused by phishing attacks disrupt business operations. In today’s uncertain world of cybercrime, you can ensure the security of your organization’s information assets by making use of all aspects of the PPT (people, process, and technology) triad.