Pretty much any platform that requires user authentication to allow access can be a target for phishing. Also, anyone can be a victim, from SaaS customers to OneDrive users.

Malicious actors created an Office 365 email phishing site

Hackers sent remote workers malicious email links to fraudulently capture their user credentials, according to an Abnormal Security report. For starters, they took advantage of the fact that many organizations are currently setting up VPNs to secure internet connections for their work-at-home employees. The target receives an email disguised as official communication from their employer’s IT department in this phishing attempt. Next, the target clicks the link in the email, which leads to a VPN configuration that the attacker set up. In the end, the employee lands on a login page hosted on the Office 365 platform. Since the site looks almost 100% the same as the genuine one, the remote worker, sadly, falls for it. Therefore, the victim supplies their login details oblivious of the fact that they’re not signing into their employer’s official portal.  So, just like that, the bad actor makes away with the target’s Microsoft credentials. Here are tips for optimizing your email security:

User discretion: Always check the URL of any web form that requires your user credentials. Email security: Use email scanning anti-malware. Windows updates: Always install Windows security updates. Microsoft’s security tools: This can elevate your threat detection capabilities.

Have you ever been a victim of email phishing? Feel free to share your experience in the comments section below.

We recommend Private Internet Access, a VPN with a no-log policy, open source code, ad blocking and much more; now 79% off. Name * Email * Commenting as . Not you? Save information for future comments
Comment

Δ