Employees using Microsoft Office 365 are being targeted in a phishing campaign that makes use of bait messages camouflaged as automated SharePoint notifications to steal their accounts. It is believed this campaign has now reached an estimated 50,000 mailboxes.
The attackers behind this phishing campaign kept the phishing messages as short and vague as possible, and they also included the targeted company’s name multiple times within the emails, to help induce a feeling of trust and make the targets think that the phishing emails were really sent from within their organisation.
Office 365 users have been targeted throughout this year using fake Zoom suspension alerts, fake VPN configs, fake Microsoft Teams alerts, and Small Business Grants Fund (SGF) relief payment baits, with tens of thousands of these phishing emails landing in the targets’ mailboxes as part of these phishing campaigns.
Earlier this month, Microsoft also warned of a recent shift to new types of phishing tactics such as consent phishing, besides regular email phishing and credential theft attacks.
If they fall for the attackers’ tricks, the victims’ Microsoft credentials will be used to take full control of their accounts and all their information will be ripe for the picking, later to be used as part of identity theft and fraud schemes such as Business Email Compromise (BEC) attacks. New-school security awareness training ensures your users know how to spot the potential warning signs as they continue to work in an at-home environment.
With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-employees-with-fake-sharepoint-alerts/