Businesses: Beware of Office 365 Email Phishing Scams
Cybercriminals are taking advantage of the public’s demand for up-to-the-minute COVID-19 information along with the recent shift to remote work to craft sophisticated email scams designed to steal Office 365 login credentials.
Office 365 phishing attacks often use a well-designed “spoof page,” that is, a page that mimics the service’s actual website. Cybercriminals send emails that look and read like those sent by the victim’s employer. These fake emails ask potential victims to click on a provided link that will supposedly take them to a site with “important” or “urgent” COVID-19 updates. The provided link, however, leads to a replica of Microsoft’s Office 365 login page that prompts users to log in with their credentials. Once the user has entered his or her login credentials on the spoofed page, the attackers now have that information and can gain access to the user’s actual Office 365 account as well as any systems and applications linked to those credentials.
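As an added illustration (not part of the original article), a mail filter or help-desk script can compare where a link claims to go with where it really goes. The trusted host list and lure words below are assumptions to adapt to your own organization, and the sample email body is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this organization really signs in through; adjust as needed.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "www.office.com"}
# Words suggesting a link claims to lead to an Office 365 sign-in page.
LURE_WORDS = ("office 365", "office365", "microsoft", "outlook", "sign in", "login")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Return (href, real host) for links that claim a sign-in but go elsewhere."""
    collector = LinkCollector()
    collector.feed(html_body)
    flagged = []
    for href, text in collector.links:
        parts = urlsplit(href)
        # .hostname drops any "user@" prefix and port, leaving the real host.
        host = (parts.hostname or "").lower().rstrip(".")
        claims_login = any(w in f"{href} {text}".lower() for w in LURE_WORDS)
        if claims_login and (parts.scheme != "https" or host not in TRUSTED_LOGIN_HOSTS):
            flagged.append((href, host))
    return flagged

# Constructed sample body; example.net/.org/.com are reserved documentation domains.
SAMPLE = """
<a href="https://login.microsoftonline.com.example.net/covid">Sign in to Office 365</a>
<a href="https://login.microsoftonline.com@portal.example.org/x">Microsoft login</a>
<a href="https://login.microsoftonline.com/common/oauth2/authorize">Sign in</a>
<a href="https://intranet.example.com/news">Company news</a>
"""
```

Calling `suspicious_links(SAMPLE)` flags the first two links, whose real hosts are not Microsoft's, and leaves the genuine sign-in link and the unrelated intranet link alone.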
Steps to Keep Office 365 Accounts More Secure:
- Implement Multifactor Authentication in Office 365: Multifactor authentication, where users are sent a verification code via text or email, adds an extra layer of security when logging in and provides alerts when someone is trying to use your credentials. Organizations should consider employing multifactor authentication whenever possible. Recommended link: https://support.office.com/en-us/article/set-up-2-step-verification-for-office-365-ace1d096-61e5-449b-a875-58eb3d74de14
- Use a Password Manager Application: Password managers are software applications that encrypt and store passwords for various accounts. Using a password manager prevents credential theft from being too damaging by providing a user-friendly experience for maintaining strong, unique passwords across multiple user accounts. Organizations should consider providing this software to all employees to use for work-related accounts. More information: https://www.cnet.com/how-to/best-password-manager-for-2020/
- Use Safe Browsing Techniques: In these unprecedented times, it’s more important than ever to ensure that you are educated on safe browsing techniques to stay conscious of any potential threats that may come your way. Recommended link: https://www.us-cert.gov/ncas/tips/ST07-001
- Virtual Private Network: When working from home, be sure to use your organization’s provided virtual private network. If your organization does not provide a company-wide virtual private network, refrain from using public WiFi when using company devices or accessing company systems.