How to spot the new Office 365 scam

By Samantha Cordell | September 3, 2018

 

1809_o365-scam-s401476222_1200w

The most recent scam to watch out for almost perfectly imitates a trusted invitation to collaborate through Microsoft SharePoint. It’s a three-step attack that’s easy to avoid if you know how it works.

"Phishing scams disguise malicious links and emails as messages from trusted sources."

Step 1 - Invitation to collaborate email

The first thing victims receive from hackers is a message that looks identical to an email from Microsoft’s file sharing platform SharePoint. It says, “John Doe has sent you a file, to view it click the link below…”

In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.

Step 2 - Fake file sharing portal

Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there’s no reason to send an email containing a link to a page with nothing but another link.

Step 2 allows hackers to evade Outlook’s security scans, which monitor links inside emails for possible phishing scams. But Outlook’s current features cannot scan the text within a file linked in the email. Once you’ve opened the file, SharePoint has almost no way to flag suspicious links.

Step 3 - Fake Office 365 login page

The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.

Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules:

  • Check the sender’s address every time you receive an email. You might not notice the number one in this email at first glance: johndoe@gma1l.com.
  • Confirm with the sender that the links inside the shared document are safe.
  • Open cloud files by typing in the correct address and checking your sharing notifications to avoid fake collaboration invitations.
  • Double check a site’s URL before entering your password. A zero can look very similar to the letter 'o' (e.g. 0ffice.com/signin).

Do you have concerns?

Diamond's Business Technology Managers and Support Desk Technicians are available to assist you in protecting your organisation. Give us a call on 1300 307 907 or contact us via the form below.

Contact us today

 

 Published with permission from TechAdvisory.org. Source.

TAGS: Managed IT Services, News and General, Cyber Security

About Samantha Cordell
Samantha Cordell

Group Marketing Manager @ Diamond IT - Samantha (Sam) fell into the IT Industry after studying a combination of computer science and marketing at Uni, starting in Operations with the now decentralised Cabletron Systems. Over the next 20 years Sam undertook various marketing roles within Intel, Microsoft and Cisco Systems before moving to Newcastle for a sea-change working for Wine Selectors. “Not able to stay away from the IT Industry I jumped at the chance to join the team. I am excited to drive the marketing strategy for Diamond IT’s range of Technology Solutions."