Recent reports show a phishing scam is targeting Office 365 accounts.

McAfee Labs discovered this elaborate phishing scam back in October. It uses three different malicious kits and fake voicemail messages, and it is aimed at Office 365 accounts.

This is what they uncovered:

#1. Office 365 users receive an email letting them know they got a voicemail and need to log in to their account to access it.












Source: McAfee

When users click on the malicious HTML attachment, a voicemail message will begin to play, making it seem legitimate.

#2. The HTML attachment directs users to a generic Microsoft landing page where they are prompted to log in to hear the rest of the voicemail.















Typically, the form prepopulates to reinforce the user’s belief that the site is real, according to McAfee.

#3. After entering the password, users are directed to the login page, thinking their login was successful.












In terms of the information that is harvested, McAfee says these websites are collecting emails, passwords, IP addresses, and region.

Moreover, the Service, Financial, IT, Retail, and Insurance industries are seeing the greatest number of attacks. Within these companies, McAfee is seeing middle management to executive-level staff targeted.

“The goal of malicious actors is to harvest as many credentials as possible, to gain access to potentially sensitive information and open the possibility of impersonation of staff, which could be very damaging to the company,” McAfee explains, “the entered credentials could also be used to access other services if the victim uses the same password, and this could leave them open to a wider range of targeted attacks.”

While phishing attacks are nothing new, the use of voicemail to drive people to malicious links is newer, especially at this frequency.

Redmond’s Brian Posey has also noted phishing attacks on Office 365 accounts that target admins specifically.

“Instead of trying to spoof Microsoft in the message’s Sender field,” Posey says, “the attacker will send the message from another domain that has been compromised. The idea is that because the message comes from a legitimate domain (albeit one that has been compromised), filters will be less likely to block the message. Of course, an administrator who is paying attention can easily verify that the message did not come from Microsoft.”

Fortunately, there are ways to protect ourselves from these scams.

For one, never use the same password for multiple accounts. This makes it more difficult for these hackers to gain any more private information than they already have. Two-factor authentication is also a great way to add another layer of protection to your accounts.

Users should also avoid opening attachments from unknown senders.

For enterprise customers, McAfee recommends blocking .html and .htm attachments so that these kinds of scams don’t even reach users.
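One way a mail gateway could apply that recommendation, shown as an added example (not McAfee's code or any product's own filter): it blocks any attachment named .html/.htm and, going slightly beyond the extension rule, also catches attachments declared as text/html under another name. The function name, the content heuristics, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

BLOCKED_EXT = (".html", ".htm")
# Content heuristics for the lure described above (audio that plays on open,
# then a redirect to a login page). The patterns themselves are assumptions.
SIGNS = {
    "audio": re.compile(r"<audio\b|new\s+Audio\s*\(", re.I),
    "redirect": re.compile(r"http-equiv=[\"']?refresh|location(?:\.href)?\s*=", re.I),
}

def scan_message(raw):
    """Return (verdict, findings) for one RFC 5322 message given as text."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        # Match on extension OR declared type, so a renamed file is still caught.
        if not (name.endswith(BLOCKED_EXT) or part.get_content_type() == "text/html"):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. attached as application/octet-stream
            body = body.decode("utf-8", "replace")
        signs = sorted(k for k, rx in SIGNS.items() if rx.search(str(body)))
        findings.append((name or "(unnamed)", signs))
    return ("block" if findings else "deliver"), findings

# Constructed sample messages (not captured from the campaign).
TEMPLATE = """\
From: voicemail@example.com
Subject: New voicemail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have a new voicemail. Open the attachment to listen.
--b1
Content-Type: {ctype}
Content-Disposition: attachment; filename="{fname}"

{body}
--b1--
"""
SAMPLE_LURE = TEMPLATE.format(ctype="text/html", fname="Voicemail_0142.HTML", body=(
    '<meta http-equiv="refresh" content="3;url=https://login.example.invalid/">'
    '<audio autoplay src="clip.wav"></audio>'))
SAMPLE_BENIGN = TEMPLATE.format(ctype="text/plain", fname="notes.txt", body="Meeting notes.")
if __name__ == "__main__":
    print(scan_message(SAMPLE_LURE), scan_message(SAMPLE_BENIGN))
```

The verdict depends only on the attachment's name or declared type; the `signs` list is context for whoever triages the quarantined message.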

Be alert.

Be vigilant.

As always, we’re here to help.
