Office 365 Phishing Attacks Target Admins
A new phishing campaign has recently been uncovered in which hackers try to compromise Microsoft Office 365 administrator accounts. The hackers behind this attack delivered a phishing lure that impersonated Microsoft and its Office 365 brand. To make the lure appear more legitimate, the cybercriminals sent it from multiple validated domains that did not belong to Microsoft, including one domain that belonged to an educational institute.
Anyone who clicked the link in the phishing email was directed to a spoofed Office 365 login page where the hackers could steal their credentials.
There are several reasons why administrator accounts were targeted, the main one being that Office 365 admins have administrative control over all email accounts on a domain. Office 365 admins also often hold elevated privileges on other systems within an organization, which can allow those systems to be compromised through password reset attempts or by abusing single sign-on.
If the attackers gain some level of administrative control over the compromised sender's Office 365 installation, they can create a new account and use it to spread the campaign deeper into the domain. Hackers often employ this technique to further avoid detection.
The best way to protect against this type of phishing attack is to not open any suspicious email with the subject line "Re: Action Required" or "Re: We placed a hold on your account". There are also several security measures you should be using for Office 365, including multi-factor authentication, advanced threat protection, and email and archive protection. If you are not making full use of the security measures offered for Office 365, give 2W Tech a call today. For just a few hours of labor and an insignificant cost upgrade to your Office 365 plan, 2W Tech can ensure you get the right solutions implemented to protect your Office 365 from phishing attacks and other outside threats.
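Because the lure in this campaign was sent from validated third-party domains, sender authentication alone would not have flagged it; what gives it away is a display name claiming to be Microsoft or Office 365 while the address domain is not Microsoft's, combined with the two subject lines named above. The following triage check is an added example written for this article, not code from 2W Tech or Microsoft; the trusted-domain list and the sample messages are constructed assumptions that a mail administrator would replace with their own.

```python
from email.utils import parseaddr

# Assumption: domains from which Microsoft legitimately sends account mail
# to this tenant. Subdomains of these are also accepted.
TRUSTED_MICROSOFT_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com"}

# Brand words whose presence in a display name signals impersonation when
# the address domain is not trusted.
BRAND_TERMS = ("microsoft", "office 365", "office365")

# Subject lines reported for this campaign (quoted from the article above).
LURE_SUBJECTS = ("re: action required", "re: we placed a hold on your account")

# Constructed sample headers for demonstration; not real captured messages.
SAMPLE_MESSAGES = [
    {"from": "Microsoft Office 365 <security@contoso-university.example>",
     "subject": "Re: Action Required"},
    {"from": "Office 365 Team <no-reply@example-school.edu>",
     "subject": "Re: We placed a hold on your account"},
    {"from": "Microsoft account team <noreply@accountprotection.microsoft.com>",
     "subject": "Unusual sign-in activity"},
    {"from": "Alice <alice@partner.example>",
     "subject": "Re: Q3 invoice"},
]


def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    _, _, domain = address.rpartition("@")
    return domain.lower()


def is_trusted_domain(domain: str) -> bool:
    """True if domain is a trusted Microsoft domain or a subdomain of one."""
    return any(domain == t or domain.endswith("." + t)
               for t in TRUSTED_MICROSOFT_DOMAINS)


def is_brand_impersonation(display_name: str, address: str) -> bool:
    """Display name invokes the Microsoft/Office 365 brand, address domain does not."""
    name = display_name.lower()
    return any(term in name for term in BRAND_TERMS) and \
        not is_trusted_domain(sender_domain(address))


def triage(message: dict) -> list:
    """Return the list of reasons a message should be held for review."""
    display_name, address = parseaddr(message["from"])
    reasons = []
    if is_brand_impersonation(display_name, address):
        reasons.append("brand_impersonation")
    if message["subject"].strip().lower() in LURE_SUBJECTS:
        reasons.append("known_lure_subject")
    return reasons


def triage_all(messages: list) -> list:
    """Pair each message's From header with its triage reasons."""
    return [(m["from"], triage(m)) for m in messages]


if __name__ == "__main__":
    for sender, reasons in triage_all(SAMPLE_MESSAGES):
        print(f"{sender!r}: {reasons or 'clean'}")
```

The display-name check is the part that matters here: the campaign's validated sending domains would pass SPF and DKIM, so a rule keyed only on authentication results or on the sender address would let the lure through. Subject matching is a secondary signal that catches this specific campaign but is easy for attackers to vary.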