There are more than 100 million active subscribes of Office 365, which has inevitably attracted the attention of hackers who’ve revamped an deep-rooted trick. The distinctly targeted and thoughtfully-crafted lance phishing attack is even more difficult to identify. Here’s what you need to know.
The new threat uses spear-phishing, an old trick in which hackers send emails pretending to be from trusted sources and trick you into disclosing sensitive information. The e-mail messages are harder to spot because they are free of the usual telltale signs like misspelled words and suspicious attachments. You may need to update your knowledge about phishing scams because this new threat is well-disguised.
How does it work?
The hackers, pretending to be from trusted sources, create personalized messages to send to your inbox. The messages may contain a link or PDF file that leads to a non-suspicious landing page. The user is prompted to enter their credentials, which hackers then use to dispatch attacks within the organization.
As for the phishing emails with PDF attachments, the document may be locked and prompt you to enter a username and password to view the document. Once you do, your account is compromised and no longer yours. They may also send an invoice that requires you to log on to view the file which can be used to trick you into forward sensitive information.
What can you do?
It’s important to use multi-factor authentication to secure your account. The function exists within Office 365. Here is a step-by-step guide on how to activate it.
Training yourself and employees to spot common phishing techniques is vital. Make sure you verify the accuracy of the wording and sensibility of the requests. For added measure, your company can install an email-validation system designed to detect and prevent email spoofing.
Recognizing phishing emails and implementing a strong defense system are ways to protect you and your company against the new Office 365 threat. Contact your IT team for more tips on how to spot this type of scam and plan security measures.