Microsoft is the Number 1 Phished brand – All because of Office 365 – How can Nimbus help?

Microsoft is the Number 1 Phished brand – All because of Office 365 – How can Nimbus help?

Office 365 combines email, file storage, collaboration, and productivity applications, including OneDrive and SharePoint. Together, they are the crock of gold of sensitive data and files that phishers are looking to exploit.

On obtaining a single set of legitimate Office 365 credentials, a phisher can conduct spear phishing attacks from within the organization, impersonating employees in order to extract a financial payback. Attackers mimic the protocols and appearance of Office 365 messages and interfaces to trick users into disclosing their login credentials and here are the type of attacks to look out for:

Example of a Phishing Attack

The Voice Message Attack:

Outlook for Office 365 indicates you have an email. The subject line reads: “Incoming: You received a voice message from +1 508 *** – 250 seconds.” It’s personalized with your first name in the body of the message. Along with the realistic-looking phone number, the email contains a phishing link you can click on to hear your message. Don’t! It’s a trap.

The ‘Action Required’ Attack

The message arrives with a subject line that says something like, “Action Required: [email_address] information is outdated—You must revalidate your account.” The message includes a link that is generally hosted on a legitimate although hacked website to bypass reputation-based email filtering systems. This is a trick to get you to disclose your Office 365 login credentials. This could be the first step in a multiphase attack, providing the attacker with all they need to begin conducting lateral attacks within your organization using the compromised Office 365 account.

The Shared File Attack

In a shared-file attack, you receive a file-sharing notification in an email message from a common name, such as “John” or “Julie.” You know someone named John or Julie, don’t you? You’re then redirected to a fake OneDrive login page where the phisher then harvests your account credentials. You assume you’ve been logged out. The phisher is counting on you to sleepwalk through your use of Office 365. That way, you won’t question what’s happening.

How to prevent Office 365 Phishing Attacks:

  1. User Awareness Training

Knowledge is power! The more informed your users are to the current threats and alert to them, the more likely they will be to spot a phishing attack. User Awareness Training is key to this and Nimbus can provide this training.

2. Add extra security

The second is to add an additional security layer that sits inside Office 365. This solution leverages artificial intelligence (AI), including machine learning (ML), uses real-time behavioural analysis to protect from unknown threats, whereas traditional fingerprinting and reputation methods detect only known threats. With this predictive approach, AI-based technologies leverage huge amounts of data to identify abnormal behaviours and inconsistent characteristics in the way’s emails are built and sent to identify a potential new threat. Again Nimbus can offer this product as part of your multi-layered security approach to cyber security.

Top 5 signs of a spam email

Top 5 signs of a spam email

Email is a must-have for easily doing business. For everything from work, shopping, social media and keeping in touch, the benefits email provides has made organisations more efficient and productive than ever before.

Even with all these benefits, having an email address does come with its security risks. With the increasing threats of viruses and spyware from spam and phishing emails, it’s now more important than ever before to ensure you are protected.

Ensure your business security with these tips for keeping their emails safe and identity spam emails:

Poor grammar and spelling

A well known way to identify spam is when the email is full of spelling or grammatical mistakes or looks like it has been translated online. However, with the quality of these spam emails improving, it’s now more important than ever before to make sure your staff and colleagues are thoroughly checking all emails for any indication of a spam email.

Unknown or odd email address

With spear-phishing attacks becoming increasingly more advanced, personalisation in emails, both for businesses and spam, is another way hackers try to convince the recipient that it’s a legitimate email. A way to check this out is to review the email address of the sender. If the address looks unrealistic, has a domain that you don’t recognise or isn’t related to the sender’s name or company, then this email should not be trusted.

The email’s content

With the amount of emails we all receive each day, it can be hard to spot what is genuine. Two common traits in spam emails are requests to provide sensitive information and offers which seems too good to be true.

If anything about the email’s content makes you unsure, don’t click any links and get in touch with the sender company to find out if it’s legitimate.

Strange attachments and links

Company emails will often have a call to action, in the form of a link or attachment, prompting you to find out more. Spam emails providing links and attachments can infect your PC with damaging viruses and spyware.

To check this, you can hover over email links to see if they look genuine or not. It’s a good way to see if they are malicious, without actually clicking on the link. Implementing an email and web threat protection to help to prevent end users from clicking on malicious links. Nimbus have a number of options available for this.

Ensuring your customers safety

Though spam is a major concern, this shouldn’t prevent businesses from taking advantage of using email as a way of effectively communicating. Being aware of how to spot spam, and implementing an email security solution, which can identify and remove 99% of spam before it reaches the mailbox, as well as ensuring emails are safe by implementing a backup storage solution will protect users from risks and give them confidence online.



Look No Further. Get Started Today.

Get in Touch