Office 365 combines email, file storage, collaboration and productivity applications, including OneDrive and SharePoint. Together they hold exactly the sensitive data and files that phishers are after, which makes a set of Office 365 credentials a prize in itself.
With a single set of legitimate Office 365 credentials, a phisher can send spear-phishing email from inside the organization, impersonating employees in order to trick colleagues into making fraudulent payments. Attackers mimic the wording and appearance of genuine Office 365 notifications and sign-in pages to get users to disclose their login credentials. Here are the types of attack to look out for:
The Voice Message Attack
An email lands in your Outlook for Office 365 inbox with the subject line “Incoming: You received a voice message from +1 508 *** – 250 seconds.” The body is personalised with your first name and, alongside the realistic-looking phone number, contains a link you are invited to click to hear your message. Don’t. There is no voicemail: the link is the phishing hook, and it leads to a page built to capture your login credentials.
The ‘Action Required’ Attack
The message arrives with a subject line along the lines of “Action Required: [email_address] information is outdated—You must revalidate your account.” It contains a link that is typically hosted on a legitimate but compromised website, so that reputation-based email filters let it through, and the page behind it asks for your Office 365 login credentials. This is often only the first phase of a longer attack: once the attacker holds a compromised Office 365 account, they have what they need to start moving laterally within your organization.
The Shared File Attack
In a shared-file attack you receive what looks like a file-sharing notification from a sender with a common first name, such as “John” or “Julie.” You probably know a John or a Julie, so you click. You are then redirected to a fake OneDrive login page that asks you to sign in as though your session had expired, and the phisher harvests the credentials you type in. The attack relies on you using Office 365 on autopilot, so that one more sign-in prompt does not make you pause and question what is happening.
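The three lures above share two tells that can be checked mechanically before a user ever sees the message: the wording of the subject or body, and where the link actually goes. The following triage script is an added example written for this page; it is not Nimbus's product or any code from the original post. It parses a raw message, matches the lure wording, extracts every link and flags any whose host is not on an allow-list of Microsoft sign-in and file-sharing domains, and additionally flags file-share notices from an external sender whose display name is a bare first name. The four sample messages are constructed for illustration, and `ORG_DOMAIN` and `MICROSOFT_HOST_SUFFIXES` are assumptions that a real deployment would replace with its own tenant data.

```python
"""Triage checks for the voice-message, action-required and shared-file lures.

Added example, not part of the original page or of Nimbus's product. Sample
messages are constructed; ORG_DOMAIN and MICROSOFT_HOST_SUFFIXES are assumed
values to be replaced with real tenant data.
"""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumed: the organisation's own mail domain

# Assumed: hosts a genuine Office 365 / OneDrive / SharePoint link lands on.
MICROSOFT_HOST_SUFFIXES = ("microsoftonline.com", "onedrive.live.com",
                           "sharepoint.com", "office.com", "microsoft.com")

# Wording characteristic of each lure described on this page.
LURE_PATTERNS = {
    "voice_message": re.compile(r"voice ?(mail|message)", re.I),
    "action_required": re.compile(
        r"action required|revalidate|verify your account|information is outdated", re.I),
    "shared_file": re.compile(
        r"shared (a |the )?(file|document|folder)|shared .{0,60}with you", re.I),
}
URL_RE = re.compile(r"""https?://[^\s<>"')]+""")


def is_microsoft_host(host):
    """True only for the allow-listed domains or their subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in MICROSOFT_HOST_SUFFIXES)


def message_text(msg):
    """Subject plus every text/plain and text/html part, so HTML lures count too."""
    parts = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            parts.append(part.get_content())
    return "\n".join(parts)


def triage(raw_eml):
    """Return lures matched, links to non-Microsoft hosts, reasons and a verdict."""
    msg = message_from_string(raw_eml, policy=policy.default)
    text = message_text(msg)
    lures = [name for name, pat in LURE_PATTERNS.items() if pat.search(text)]
    urls = [u.rstrip(".,;:") for u in URL_RE.findall(text)]
    off_brand = [u for u in urls if not is_microsoft_host(urlparse(u).hostname)]

    from_hdr = msg["From"]
    sender = from_hdr.addresses[0] if from_hdr and from_hdr.addresses else None
    display = sender.display_name.strip() if sender else ""
    external = bool(sender) and sender.domain.lower() != ORG_DOMAIN
    first_name_only = external and display != "" and " " not in display

    reasons = []
    if lures and off_brand:
        reasons.append("lure wording with a link to a non-Microsoft host")
    if "shared_file" in lures and first_name_only:
        reasons.append("file-share notice from an external sender using a first name only")
    return {"lures": lures, "off_brand_urls": off_brand, "reasons": reasons,
            "verdict": "suspicious" if reasons else "clean"}


# Constructed sample messages (not real phishing mail).
VOICE_MSG = """From: "Voicemail Service" <noreply@voice-notify.example.net>
To: alice@example.com
Subject: Incoming: You received a voice message from +1 508 *** - 250 seconds
Content-Type: text/plain

Hi Alice, your new voice message is ready. Listen here: http://voice-notify.example.net/o365/listen
"""
ACTION_MSG = """From: "Office 365 Team" <admin@mailer.example.net>
To: alice@example.com
Subject: Action Required: alice@example.com information is outdated - you must revalidate your account
Content-Type: text/plain

Your mailbox will be suspended. Revalidate now: https://compromised-blog.example.org/wp-includes/o365/
"""
SHARED_MSG = """From: "John" <john@mail.example.org>
To: alice@example.com
Subject: John shared a file with you
Content-Type: text/html

<p>John shared a file with you.</p><p><a href="https://onedrive-share.example.org/open">Open in OneDrive</a></p>
"""
LEGIT_SHARE_MSG = """From: "Jane Doe" <jane.doe@example.com>
To: alice@example.com
Subject: Jane shared "Roadmap.docx" with you
Content-Type: text/plain

Open: https://contoso-my.sharepoint.com/personal/jane_doe/Documents/Roadmap.docx
"""

if __name__ == "__main__":
    for sample in (VOICE_MSG, ACTION_MSG, SHARED_MSG, LEGIT_SHARE_MSG):
        print(triage(sample))
```

The legitimate share notice matches the same "shared ... with you" wording as the attack, and is cleared only because its link lands on an allow-listed `sharepoint.com` subdomain and its sender is internal with a full name; a link to `sharepoint.com.evil.test` would not pass, since the check requires the allow-listed domain to be the suffix, not merely present in the host name.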
How to prevent Office 365 Phishing Attacks:
1. User Awareness Training
Knowledge is power. The better informed your users are about current threats, and the more alert they are to them, the more likely they are to spot a phishing attempt. User awareness training is key to this, and Nimbus can provide it.
2. Add extra security
The second is to add a security layer that sits inside Office 365. Traditional fingerprinting and reputation methods only detect threats that have already been seen; this layer instead uses artificial intelligence (AI), including machine learning (ML), together with real-time behavioural analysis to protect against previously unseen threats. With this predictive approach, AI-based technologies draw on large volumes of data to identify abnormal behaviour and inconsistencies in the way emails are built and sent, and flag a potential new threat. Nimbus offers this product as part of a multi-layered approach to cyber security.