Microsoft 365 Phishing Attacks on the Rise
Credential phishing attacks continue to be on the rise. In this popular type of campaign, attackers create fake login pages or forms to steal credentials from corporate employees who use certain apps or services such as Microsoft 365. The majority of these credential phishing attacks for Microsoft 365 present a phony login page for Outlook. Once a user enters their credentials, your account information was just hacked.
Another tactic seen in the Microsoft 365 phishing campaigns is where the hacker appended the recipient’s email address to the URL. In this instance, the path for the phishing page gets generated dynamically, while the user’s email address is automatically filled in. Beyond helping the landing page skirt past traditional security, this tactic gives this type of campaign a more personal touch, therefore increasing its effectiveness.
Users need to be cautious when a site presents a form that asks for personal/sensitive information, regardless of what site you are on. Look at the URL and address field closely to make sure it’s a trusted site. Unfortunately, most users are too trusting or are moving too fast to really pay attention. Using multi-factor authentication can really protect you, as well as making sure you regularly update your passwords.
Phishing attacks are becoming very common, so you need to make sure you keep your team informed of all security measures they should be taking to help protect their accounts, and ultimately your business. 2W Tech is a technology service provider and Microsoft Gold Partner. Give us a call today and let our IT Consultants work with your business to ensure your users and network are safe and protected from outside threats.