Microsoft’s Security Intelligence team has recently shared details of an ongoing phishing email campaign that uses clever tricks to harvest Microsoft Office 365 credentials.
Whilst phishing attacks are unfortunately nothing new, they have increased substantially in the past 18 months as more people work from home, making them a major threat to businesses. Microsoft has also warned that this attack is “sneakier than usual”, so businesses need to remain on high alert.
What do the emails look like?
In a tweet, Microsoft Security Intelligence revealed that “an active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters. … The original sender addresses contain variations of the word ‘referral’ and use various top-level domains, including the domain..[.]com, popularly used by phishing campaigns for spoofing and typo-squatting”.
The attackers behind this particular scam use “SharePoint” in the display name to tempt recipients into clicking the link. The email poses as a file-share request and contains two URLs that recipients are encouraged to click; the linked page then asks them to enter their login credentials. Although the logos are extremely convincing, users need to treat such emails with caution and be certain they are genuine before clicking any of the links.
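The traits Microsoft describes (a real-looking original sender address containing “referral”, a spoofed display sender address that reuses the target’s own username and domain, and a display name that mimics SharePoint) can be checked directly from message headers. The script below is an added example written for this article, not Microsoft’s own detection logic. It parses a constructed sample message with Python’s standard `email` module, compares the `From` header against the `Return-Path` (envelope sender) and `To` headers, and returns a list of triage flags; the allowlist of sender domains and the sample addresses are invented placeholders to be tuned for a real tenant.

```python
"""Header-based triage for the SharePoint-themed phishing traits described above.
Added example, not Microsoft's detection code. Sample messages are constructed."""
import email
from email.utils import parseaddr

# Constructed sample with the campaign's traits: the envelope sender is a
# legitimate-looking mailbox containing "referral", the From display address is
# spoofed to the target's own username and domain, and the display name mimics
# SharePoint. All addresses and domains here are invented.
SAMPLE_PHISH = """\
Return-Path: <referral-notice@example-referral.test>
From: "SharePoint Online" <alice@victim-corp.test>
To: alice@victim-corp.test
Subject: A file has been shared with you

Click the link below to view the shared file.
"""

# Constructed benign message for comparison: envelope and From agree, no
# service impersonation in the display name.
SAMPLE_BENIGN = """\
Return-Path: <bob@partner.test>
From: "Bob Jones" <bob@partner.test>
To: alice@victim-corp.test
Subject: Meeting notes

Attached are the notes from today.
"""

# Service names the campaign mimics in display names.
IMPERSONATED_SERVICES = ("sharepoint", "onedrive", "office 365", "microsoft")

# Assumption / placeholder: domains from which genuine service notifications are
# expected to arrive. Tune this allowlist to the tenant being protected.
EXPECTED_SERVICE_DOMAINS = ("notifications.example-allowlist.test",)


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage_headers(raw_message: str) -> list:
    """Return sorted triage flags for the header traits of the campaign.

    Flags raised:
      display_name_mimics_service      display name names a mimicked service
      service_name_untrusted_domain    ...and the From domain is not allowlisted
      display_address_uses_target_domain  From domain equals the recipient's domain
      from_mismatches_envelope         From domain differs from Return-Path domain
      envelope_mentions_referral       envelope sender contains "referral"
    """
    msg = email.message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, envelope_addr = parseaddr(msg.get("Return-Path", ""))
    _, to_addr = parseaddr(msg.get("To", ""))

    from_domain = _domain(from_addr)
    envelope_domain = _domain(envelope_addr)
    to_domain = _domain(to_addr)
    name_lc = display_name.lower()

    flags = set()
    if any(service in name_lc for service in IMPERSONATED_SERVICES):
        flags.add("display_name_mimics_service")
        if from_domain not in EXPECTED_SERVICE_DOMAINS:
            flags.add("service_name_untrusted_domain")
    # Spoofed display sender that reuses the target's own domain.
    if from_domain and from_domain == to_domain:
        flags.add("display_address_uses_target_domain")
    # Display sender and actual (envelope) sender disagree.
    if envelope_domain and from_domain and envelope_domain != from_domain:
        flags.add("from_mismatches_envelope")
    if "referral" in envelope_addr.lower():
        flags.add("envelope_mentions_referral")
    return sorted(flags)


if __name__ == "__main__":
    print("phish :", triage_headers(SAMPLE_PHISH))
    print("benign:", triage_headers(SAMPLE_BENIGN))
```

Each flag on its own is only a signal (internal mail legitimately has matching From and To domains, for example); the combination of a mimicked service name, a From address in the recipient's own domain and a different envelope sender is what characterises this campaign, so a mail gateway rule would typically act on several flags together rather than on any single one.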
What can companies do?
Phishing attacks are a big problem for businesses and can often go undetected because some of them are very convincing. Microsoft highly recommends two measures: regular phishing-awareness training and multi-factor authentication across the company. If a user does fall for one of these convincing emails and enters their login information, ensure they change their password immediately.