Office 365 is Prime Target for Spear-Phishing

A Barracuda report released Aug. 30 said that bad actors are using spear-phishing, account compromise, and insider impersonation to target Office 365 users.

Both Federal and state governments use Office 365 for reasons such as cost savings, security, privacy, and accessibility. The State of New York saved $3 million a year when it adopted Office 365 and the city of Chicago experienced an 80 percent decrease in cost per employee. Microsoft also restricts content so it’s only shared with intended users, and includes tools to make its technology accessible to people who are visually impaired, deaf, or hard of hearing.

“Many phishing attempts are easy for end users to sniff out because they contain bold requests, misspelled words, or questionable attachments that raise red flags,” the report stated. “However, we are seeing an increase in the number of attacks that are much more difficult to spot due to the personalized nature in which they are carefully crafted and delivered.”

Barracuda found that recent phishing attempts have claimed that user accounts “had been suspended,” which is unusual for an Office 365 account. This type of attack is an attempt to steal the user’s account credentials and gain access to the account. If users fall for this phishing attempt and click the link, it will take them to a landing page where they’ll be prompted to provide their login information. Once the information is entered, the hackers have the credentials they need to get into the account.

From there, hackers can set up forwarding rules that allow them to monitor the user’s communications. The information could be used to formulate future, higher-level attacks.
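A defender-side check for the forwarding behavior described above, as an added example that is not from the Barracuda report or this article: it scans mailbox audit records for inbox rules or mailbox settings that forward mail outside the organization. The record layout (`Operation`, `UserId`, `Parameters`) is a simplified assumption modeled on Exchange audit entries, and the domains and sample records are constructed.

```python
import re

# Exchange parameters that make mail leave the mailbox automatically.
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress"}
WATCHED_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def is_internal(domain, internal):
    # Treat subdomains of an owned domain as internal too.
    return any(domain == d or domain.endswith("." + d) for d in internal)

def external_forwards(records, internal_domains):
    """Return one finding per forwarding target outside internal_domains."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rec in records:
        if rec.get("Operation") not in WATCHED_OPS:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") not in FORWARD_PARAMS:
                continue
            # A value may hold several addresses and an "smtp:" prefix.
            for m in ADDR_RE.finditer(param.get("Value") or ""):
                if not is_internal(m.group(1).lower(), internal):
                    findings.append({"time": rec.get("CreationTime"),
                                     "mailbox": rec.get("UserId"),
                                     "operation": rec["Operation"],
                                     "parameter": param["Name"],
                                     "target": m.group(0).lower()})
    return findings

# Constructed sample records (not real log data).
SAMPLE = [
    {"CreationTime": "2024-01-15T09:14:02", "Operation": "New-InboxRule",
     "UserId": "alice@agency.example",
     "Parameters": [{"Name": "Name", "Value": "sync"},
                    {"Name": "ForwardTo", "Value": "smtp:drop@mailbox.test"}]},
    {"CreationTime": "2024-01-15T10:01:45", "Operation": "Set-Mailbox",
     "UserId": "bob@agency.example",
     "Parameters": [{"Name": "ForwardingSmtpAddress",
                     "Value": "smtp:bob.assistant@agency.example"}]},
    {"CreationTime": "2024-01-15T11:30:00", "Operation": "New-InboxRule",
     "UserId": "carol@agency.example",
     "Parameters": [{"Name": "MoveToFolder", "Value": "Invoices"}]},
]

if __name__ == "__main__":
    for finding in external_forwards(SAMPLE, {"agency.example"}):
        print(finding)
```

Only the first sample record is reported; the second forwards inside the organization and the third does not forward at all.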

The hacker could also use the newly obtained account to send similar messages asking for users’ credentials within the organization. The other users will assume that the message was written by the user whose account was stolen. One method that hackers have been using is sending a PDF attachment that looks as if a colleague has forwarded a document for review, along with instructions in the email that say the document can be accessed by entering a work email and password.

Another way for the hacker to steal credentials is by sending an invoice that requires the user to log on to a Web portal to view the fake bill. Bad actors often ask the user to complete an urgent action, such as paying a bill or forwarding sensitive information like employee tax details, according to Barracuda.

Barracuda recommended that companies train users to be on the lookout for these techniques so they’ll know how to properly identify and avoid them. Barracuda also recommended that companies use the multifactor authentication that is available with Office 365 or through Azure, and use a real-time spear-phishing defense platform that can identify and weed out spam emails.

2 Comments
  1. Anonymous
    All Office 365 users should deploy Exchange Advanced Threat Protection. This is a $2 add-on that processes the URLs in the email to a controlled sandbox. If the user clicks on the links, the Office 365 service will block the link. This is 99% effective in handling these attacks. The Exchange ATP is designed to handle delayed payloads. So if a bad actor sends a phishing email that makes it through the initial filters, and later becomes active, Office 365 catches this.
    1. Anonymous
      The comment above points out the continuing need to leverage integrated and continuously updated capabilities like ATP to pre-empt the threat and not depend on the human element. We have all seen the results of that dependence on users not clicking on a fraudulent phish attack.
