Sophisticated phishing attacks target Office 365
With over 100 million monthly subscribers, it's not surprising that Office 365 is a popular target for credential theft.
A new report from Barracuda Networks looks at how phishers are sending out authentic-looking emails purporting to be from Microsoft asking users to reactivate their accounts.
"Cybercriminals have a long history of designing attacks to reach the largest number of eyeballs possible," says Asaf Cidon, VP of content security services, writing on the Barracuda blog. "From the early days of traditional spam, to search or trending topics on social platforms, criminals follow the users -- and Office 365 has become a breeding ground for highly personalized, compelling attacks."
If the user clicks a link in the message, they are taken to a well-crafted landing page that prompts them to enter their credentials. Once they do, the attackers have the login credentials and access to the account.
A number of things may happen at that point. A common scenario is that attackers set up forwarding rules on the account to observe the user's communication patterns with people both inside and outside the organization. This knowledge can be used to support future attacks such as ransomware or other advanced threats.
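One way a defender can check for the forwarding-rule scenario described above, as an added example that is not from the Barracuda report: the script reviews an export of inbox rules and flags those that forward or redirect mail outside the organization. The action field names mirror the output of Exchange Online's Get-InboxRule cmdlet; the "Mailbox" field, the domains, the sample rules and the severity labels are constructed assumptions.

```python
import re

# Assumption: the organization's own mail domains (hypothetical value).
INTERNAL_DOMAINS = {"example.com"}
# Rule actions that send mail elsewhere; names follow Get-InboxRule output.
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

# Constructed sample export, one dict per inbox rule (not real data).
SAMPLE_RULES = [
    {"Mailbox": "alice@example.com", "Name": "Team digest", "Enabled": True,
     "ForwardTo": ['"Bob" [SMTP:bob@example.com]']},
    {"Mailbox": "carol@example.com", "Name": ".", "Enabled": True,
     "ForwardTo": ['"x" [SMTP:collector@mail.example.net]'],
     "DeleteMessage": True},
    {"Mailbox": "dave@example.com", "Name": "Old vendor copy", "Enabled": False,
     "RedirectTo": ["archive@partner.example.org"]},
    {"Mailbox": "erin@example.com", "Name": "Move newsletters", "Enabled": True},
]

def external_recipients(rule, internal=INTERNAL_DOMAINS):
    """Return sorted external addresses a rule forwards or redirects to.
    Subdomains of an internal domain count as internal."""
    found = set()
    for field in FORWARD_FIELDS:
        for entry in rule.get(field) or []:
            for m in ADDR_RE.finditer(entry):
                domain = m.group(1).lower()
                if not any(domain == d or domain.endswith("." + d) for d in internal):
                    found.add(m.group(0).lower())
    return sorted(found)

def audit(rules, internal=INTERNAL_DOMAINS):
    """Return findings for rules that send mail outside the organization."""
    findings = []
    for rule in rules:
        targets = external_recipients(rule, internal)
        if not targets:
            continue
        # An enabled rule that also deletes the message leaves no copy in the mailbox.
        if not rule.get("Enabled"):
            severity = "low"
        else:
            severity = "high" if rule.get("DeleteMessage") else "medium"
        findings.append({"mailbox": rule["Mailbox"], "rule": rule["Name"],
                         "targets": targets, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```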
Another common scenario is that attackers use the compromised account to send messages to other employees inside the organization in an attempt to collect additional credentials or other sensitive information. This approach tends to have more short-term success, as there's typically an immediate response or action required. One way of doing this is to send a PDF attachment: it appears that a colleague has forwarded a document to review (the PDF), and casual instructions in the email say the document can be accessed by entering a work email and password.
More details of the findings and how to protect against attacks can be found on the Barracuda blog.