Bay Area IT Support & IT Services

The Intivix Blog

Business IT Articles, News and Tips

Attacks on Office 365 Accounts

Recent reports show a phishing scam is targeting Office 365 accounts.

McAfee Labs discovered this elaborate phishing scam, using three different malicious kits and fake voicemail messages, aimed at Office 365 accounts back in October.

This is what they uncovered:

Receive an Email

1. Office 365 users receive an email letting them know they got a voicemail and need to login to their account to access it.

microsoft email

 

 

 

 

 

 

HTML attachment

When users click on the malicious HTML attachment, a voicemail message will begin to play, making it seem legitimate.

2. The HTML attachment directs users to a generic Microsoft landing page where they are directed to login to hear the rest of the voicemail.

microsoft_email2

 

 

 

 

 

 

 

Typically, the form prepopulates to reinforce the user’s belief that the site is real, according to McAfee.

Redirecting

3. After entering the password, users are directed to the office.com login page, thinking their login was successful.

micrososft-email3

 

 

 

 

 

 

 

 

 

In terms of the information that is harvested, McAfee says these websites are collecting emails, passwords, IP addresses, and region.

Moreover, the Service, Financial, IT, Retail, and Insurance industries are seeing the greatest number of attacks. Within these companies, McAfee is seeing that middle management to executive level staff targeted.

“The goal of malicious actors is to harvest as many credentials as possible, to gain access to potentially sensitive information and open the possibility of impersonation of staff, which could be very damaging to the company,” McAfee explains, “the entered credentials could also be used to access other services if the victim uses the same password, and this could leave them open to a wider range of targeted attacks.”

While phishing attacks are nothing new, the incorporation of voicemail to drive people to malicious links is more so, especially at this frequency.

Redmond Brian Posey

Redmond’s Brian Posey has also noted phishing attacks on Office 365 accounts that target admins specifically.

“Instead of trying to spoof Microsoft in message’s Sender field,” Posey says, “the attacker will send the message from another domain that has been compromised. The idea is that because the message comes from a legitimate domain (albeit one is compromised), filters will less likely block a message. Of course, an administrator who is paying attention can easily verify that the message is not coming from Microsoft.”

Fortunately, there are ways to protect ourselves from these scams.

  1. For one, never use the same password for multiple accounts. This makes it more difficult for these hackers to gain any more private information that they already have.
  2. Two-factor authentication is also a great way to add another layer of protection to your accounts.
  3. Users should also avoid opening attachments from unknown senders.
  4. For enterprise customers, McAfee recommends blocking .html and .htm attachments so that these kinds of scams don’t even reach users.
  5. Be alert.
  6. Be vigilant.

As always, we’re here to help.  Follow us on LinkedIn, Twitter, Facebook, and Instagram for more cybersecurity news.