Expert view: What to do about the phishing email bombardment?

Despite advances in technology, email use remains vulnerable, as a new Microsoft warning testifies.

Sending a short email is estimated to add about four grammes (0.14 ounces) of CO2 equivalent (gCO2e) to the atmosphere. - Photo: © AFP

Microsoft is warning Office 365 users and administrators to be on the lookout for a phishing email with spoofed sender addresses. A currently active campaign is targeting Office 365 organizations with convincing emails and several techniques to bypass phishing detection, including an Office 365 phishing page, Google cloud web app hosting, and a compromised SharePoint site that urges victims to type in their credentials.

As to what to make of this issue, Troy Gill, Manager of Security Research, Zix, AppRiver, tells Digital Journal that it is time for businesses to take note of the current threat and of threats that will undoubtedly emerge in the future.

Gill explains the nature of the attack, noting: “Phishing continues to be the bread and butter for bad actors looking to gain access to sensitive information. We continue to see phishing campaigns rise, with even more intricate attempts to deceive the everyday individual to gain access to credentials and cause further harm to individuals and enterprises.”

What concerns Gill are the methods being deployed. Here he states: “The tactics described in the warning by Microsoft, which outlines attackers abusing legitimate services like Google and SharePoint, have become very popular over the past several years.”

Based on this, what are the best actions for businesses to follow? To help reduce the risk of phishing campaigns and other email threats, Gill provides Digital Journal readers with the issues that organizations should keep in mind:

  1. Never reuse the same password on different services. If the service is compromised, attackers will try that same password for others.
  2. Limit authorized use of third-party services. This will help limit the attack surface criminals have to work with.
  3. Use end-to-end email encryption for any message containing confidential or personally identifiable information.
  4. Ensure your solution is capable of dynamically analyzing email attachments and URLs.
  5. Continuously audit your email environment. An O365 security audit can provide critical insights into possible compromised accounts as well as if there is activity on accounts that should no longer be active.
  6. If there is any suspicion about a message or transaction, it never hurts to call the sender. Most will be glad of your security protocols in place to help prevent fraud.
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
