What is phishing

Phishing is a malicious email designed to trick the recipient into disclosing personal information or login credentials, usually by getting them to click a malicious link or open a malicious attachment. Phishing emails are often dressed up as a customer request or a message from a co-worker.

Common types of phishing attack against Office 365 users

“Failure to Deliver” Phishing Email

Cybercriminals use fake “failure to deliver” emails as the lure. The user receives what looks like a non-delivery notification from Office 365, which prompts them to click a “Send Again” link to retry the delivery. When the user clicks the link, they are redirected to a fake login page and asked to enter their Office 365 username and password, which go straight to the attacker.

“Reactivate Account” Email

Another example is an email claiming that your account has been blocked for some reason and asking you to reactivate it. The email contains a link that purports to lead to Office 365 account reactivation but again opens a fake login page. Once the user enters their username and password, the cybercriminals can sign in to the account and read the user’s emails and the files on their OneDrive.

PhishPoint Scam

Attackers set up their own Office 365 accounts and insert a malicious link into a SharePoint file. They then pose as colleagues and send invitations to collaborate on and edit the file in SharePoint. The invitation itself is a genuine SharePoint sharing notification, so the malicious content sits in the document rather than in the email: the SharePoint file imitates a standard access request for a OneDrive file, and its “Access Document” hyperlink leads to a fake Office 365 login screen. By logging in there, the user hands their credentials to the attackers.

CEO Fraud

CEO Fraud phishing emails impersonate C-level executives of the targeted organisation and are written as though the executive is sharing important news with employees. They commonly contain a link, for example to an updated COVID-19 policy, a training course or some other critical corporate update. Rather than asking for a password, this link typically opens a genuine Microsoft permission prompt asking the user to grant access to a web app created by the attackers (consent phishing). If the user accepts, the app can use whatever permissions the prompt listed, typically reading the user’s mail and files, with its own access token and without the attackers ever learning the password.

How to detect a phishing email?

Red flags to detect a suspicious email:

  • Bad grammar and punctuation
  • Misspelling of the organisation’s name
  • Incorrect logo, tagline or branding of the company
  • Misspellings or lookalike characters in the sender’s email address
  • A sense of urgency, to pressure recipients into acting quickly
  • A call to action to click a link or download an attachment
  • Link text that does not match the real destination (hover over the link before clicking)
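
As an added illustration (not code from the original article or from Circuit Networks), here is a small Python triage script that checks a raw email mechanically for three of the red flags above: a sender domain that is a lookalike of a trusted domain, urgency wording, and links whose visible text shows one address while the real destination is another. The trusted-domain list, the urgency phrase list and the sample message are constructed for this example and would need tuning for a real mailbox.

```python
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's own domain plus the Microsoft domains its users expect mail from.
TRUSTED_DOMAINS = ("contoso.com", "microsoft.com", "office.com", "sharepoint.com")
# Wording typical of the "act now" pressure used by the lures described above (constructed list).
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be blocked",
                   "will be suspended", "send again", "reactivate")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one or two edits away from a trusted domain counts as a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS or any(domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None
    registrable = ".".join(domain.split(".")[-2:])          # crude: last two labels
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(registrable, trusted) <= 2:           # micros0ft.com, offce.com
            return trusted
        if ("." + trusted + ".") in ("." + domain + "."):      # microsoft.com.evil.example
            return trusted
    return None


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs so the shown URL can be compared with the real one."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def analyse(raw: bytes) -> list:
    """Return (flag, detail) tuples for each red flag found; an empty list means none fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []

    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    imitated = lookalike_of(sender_domain)
    if imitated:
        flags.append(("sender_lookalike", f"{sender_domain} imitates {imitated}"))

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    lowered = (msg.get("Subject", "") + " " + content).lower()
    flags += [("urgency", p) for p in URGENCY_PHRASES if p in lowered]

    if body is not None and body.get_content_type() == "text/html":
        extractor = LinkExtractor()
        extractor.feed(content)
        for href, text in extractor.links:
            target = host_of(href)
            shown = host_of(text) if text.lower().startswith("http") else ""
            if shown and shown != target:          # visible URL differs from real destination
                flags.append(("link_text_mismatch", f"shows {shown}, goes to {target}"))
            imitated = lookalike_of(target)
            if imitated:
                flags.append(("link_lookalike", f"{target} imitates {imitated}"))
    return flags


# Constructed sample in the style of the "failure to deliver" lure described above.
SAMPLE = b"""From: Microsoft Outlook <postmaster@micros0ft.com>
To: alice@contoso.com
Subject: Undeliverable: Invoice 4471 - action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>3 messages could not be delivered and will be blocked in 24 hours.</p>
<p>Review them here: <a href="https://login.micros0ft.com/owa/?u=alice">https://outlook.office.com/owa/</a></p>
<p><a href="https://login.micros0ft.com/resend">Send Again</a></p>
</body></html>
"""

if __name__ == "__main__":
    for flag, detail in analyse(SAMPLE):
        print(f"{flag:20} {detail}")
```

Run as-is, it prints one line per flag for the constructed sample: the lookalike sender, the two urgency phrases, the link whose text shows outlook.office.com while pointing at login.micros0ft.com, and the lookalike link hosts. The domain check is deliberately crude (last two labels, edit distance of at most two); a production filter would use a public-suffix list and also consider Reply-To, the SPF/DKIM/DMARC authentication results and the reputation of the linked hosts.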

If you fall victim to one of these attacks, immediately change your Office 365 password and contact IT professionals to contain the damage. Note that a password change alone does not undo the CEO Fraud consent attack above: permissions granted to an attacker’s app remain valid until that consent is revoked, by you or by an administrator.

A simple step to improve your Office 365 security is to enable multi-factor authentication (MFA) on your account, so that a stolen password is not enough on its own to sign in. MFA does not, however, stop consent phishing, because the user signs in legitimately before granting the malicious app its permissions; restricting which apps users are allowed to consent to is the control for that.

Circuit Networks can help you restore access to your account and improve security to prevent phishing attacks.