Microsoft Office 365 adoption at the organization level is continuing at a strong pace. With such a massive user base, this multisystem platform has become a target-rich environment for cybercriminals looking to steal login credentials and other confidential information.
Why phishers love Office 365?
As it is entirely cloud-based, users can access their emails, files, and Office programs (Word, PowerPoint, Outlook, Sway, and Excel) from any location and any device. Moreover, it includes other online file storage and collaboration systems like OneDrive and SharePoint. Altogether, they represent a hive of sensitive data and files that phishers are looking to exploit.
What are the impacts?
- Office 365 credentials are a prime commodity on the black market as they can allow cybercrooks to gain access directly into company networks.
- With a single set of legitimate Office 365 credentials, a phisher can conduct phishing attacks from within an organization to steal business-related critical data or trade secret or financial information.
How bad is it during the COVID-19?
- With the transition to remote work and online learning, institutions of higher education, companies, and governmental organizations have witnessed an increased risk of phishing scams that target Office 365 services.
- A phishing campaign attempted to steal victims’ Office 365 credentials by masquerading as a subpoena from the Supreme Court. The phishing email included a phishing page hosted on the domain ‘invoicesendernow[.]com’ that stole credentials from users.
- Cybercrooks used a fake notification from Microsoft Teams in an effort to trick people into revealing their Microsoft Office 365 user names and passwords.
- A phishing email purporting to be from Financial Industry Regulatory Authority (FINRA) officers duped members of the organization to share their credentials for Microsoft Office or SharePoint.
- Employees working from home were targeted in a fake Zoom phishing campaign designed to pilfer their Office 365 credentials.
- A phishing campaign that leveraged various Office 365 services such as Sway, OneNote and SharePoint, redirected victims to different phishing sites created for gathering their login details.
What’s more frightening?
Microsoft recently revealed that attackers have already started adapting their phishing campaigns to use the newly updated design for Microsoft 365 sign-in pages. The new sign-in design was updated in February and rolled out during the first week of April.