Office365 and the risk of email scams (Includes interview)

Forbes has reported a notorious business email compromise (BEC) scam that has netted cybercriminals at least $15 million by exploiting Office 365 services. The primary concern is that the threat actor chose to use Office 365 in order to improve the likelihood of a successful attack.

To gain an insight into the issue, Digital Journal caught up with Will Lasala, Security Evangelist and Senior Director of Global Security Solutions, OneSpan.

Lasala begins by looking at the main form of attack: “Social engineering is a major concern in many different industries. Often these social engineering attacks are used to gather the credentials of enterprise users with administrative access to systems, and then sell those credentials on the black market.”

He adds that: “Attacks like this often occur without anyone even knowing, and then sleeper accounts are created in systems and sold on the black market for large sums. The practice of using an SMS OTP (one-time password) as a security component for administrative accounts should be stopped immediately because SMS is not secure. Instead, using push technologies with context describing what action is being taken and why, is now essential when it comes to combating the rise in phishing attacks.”

In terms of the specific nature of the attack, Lasala states: “With push notifications and context (meaning the user knows what they are doing and why), if a hacker is able to socially engineer someone into giving up their username and password, when they attempt to log into the user’s account a secure push notification would be sent to the owner’s mobile device.”

In terms of corrective actions, the analyst says: “The notification would state that a new request is coming from an unknown location and is trying to access a sensitive server. This should alert the user and the access can be blocked. The time to implement these solutions is now because the technology already exists, and hackers have moved past simple SMS OTP

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
