Microsoft is warning Office 365 clients of a new wave of cyber attacks by threat actors.
Criminals are now using seemingly legitimate email addresses, containing display names, that manage to bypass email filters. These phishing scams are increasingly sophisticated and mimic reputable sources. Hackers are targeting Office 365 organizations whose employees send attachments regularly, according to Microsoft Security Intelligence (MSI).
MSI determined that emails sent by malicious actors often contained fake Microsoft SharePoint attachments and appeared to come from a trusted source. Domains used in these phishing emails are deliberately misspelled but may resemble a trusted company (e.g. firstname.lastname@example.org vs johndoe@googIe.com, where the second address uses a capital “I” in place of an “l”). This technique, called “typosquatting”, makes it difficult to tell whether the domain is legitimate.
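A filter can catch the lookalike sender domains described above by comparing each sender domain against an allow-list after collapsing visually similar characters, and by flagging one-character misspellings. The sketch below is an added example, not Microsoft's detection logic; the trusted-domain list, the substitution table and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the organization's own allow-list of sender domains it trusts.
TRUSTED_DOMAINS = ("google.com", "microsoft.com")
# Look-alike substitutions, applied before lowercasing so a capital "I" is caught.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("I", "l"))

def skeleton(domain):
    """Collapse visually similar characters so look-alikes compare equal."""
    for src, dst in CONFUSABLES:
        domain = domain.replace(src, dst)
    return domain.lower()

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, imitated_domain) for the value of a From header."""
    _, addr = parseaddr(from_header)
    shown = addr.rpartition("@")[2]   # domain exactly as the reader sees it
    actual = shown.lower()            # DNS ignores case
    if actual in TRUSTED_DOMAINS:
        return ("trusted", None)
    for good in TRUSTED_DOMAINS:
        if skeleton(shown) == skeleton(good) or edit_distance(actual, good) == 1:
            return ("lookalike", good)
    return ("unrelated", None)

# Constructed sample headers, not taken from real traffic.
SAMPLES = [
    "John Doe <johndoe@google.com>",
    "John Doe <johndoe@googIe.com>",
    '"Microsoft SharePoint" <share@micr0soft.com>',
    "IT Helpdesk <it@rnicrosoft.com>",
    "Billing <billing@microsft.com>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```

The substitution table is intentionally small; a production filter would draw on the Unicode confusables data and treat a "lookalike" verdict as a reason to quarantine or banner the message.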
Clicking the link within the fraudulent email brings up a fake sign-on page with fields for the user’s Microsoft or Google username and password. MSI highlighted how legitimate these phishing attacks could appear, which may trick unsuspecting employees and employers.
Cyber criminals are always on the lookout for newer and more sophisticated ways to steal your personal information. Social engineering tactics like these emphasize the importance of maintaining cybersecurity best practices. You never want a hacker to gain access to your sensitive information, so be sure to read through your emails carefully. You should also consider having a strong email filtering system, as well as simulated phishing training, to keep your data safe and secure.