Microsoft Office 365 Scam

High-value Microsoft Office 365 users are being targeted in a new phishing scam intended to compromise their login credentials. Victims of the ongoing attack have willingly given up their login info to hackers, providing direct access to business data, as well as other accounts that use the same password.

How Does The Scam Work?

Targets receive an email informing them that they missed a phone call, with an audio excerpt of the voicemail attached. They are prompted to log in to hear the full voicemail, and are directed to a fake website that collects the username and password entered.

This is a form of phishing, a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers. In this case, it’s known as “vishing”, one of the latest variants of phishing being tracked by cybersecurity professionals.

Instead of attaching malware to an email and disguising it as a PDF, the cybercriminals disguise it as an audio file and make the email appear to come from an automated voicemail service.

How Can You Protect Yourself From Scams Like This?

It all comes down to whether the target can tell it’s a phishing email or not. Learn to recognize phishing emails by these common red flags:

  1. Incorrect Domain: Before even taking a look at the body of the message, check out the domain in the sender’s address. Maybe they claim to be from your bank, or a big-name company – but talk is cheap. It’s much more difficult to spoof an actual domain name, and so it’s more common to see domains that are close, but not 100% correct. If it seems fishy, it probably is.
  2. Suspicious Links: Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
  3. Attachments: Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it’s only more proof that the email is likely part of a phishing attempt.
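
The three red flags above can also be checked automatically on a raw message. The following is an added example, not code from the original article: the trusted domain list, the 0.8 similarity cutoff and the sample email (including every domain in it) are constructed assumptions.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
TRUSTED = ["contoso.example"]  # assumption: domains you really get mail from
# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: Voicemail Service <noreply@cont0so.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://login.voicemail-portal.example/auth">https://portal.contoso.example/voicemail</a>
--b1
Content-Type: audio/wav
Content-Disposition: attachment; filename="voicemail_excerpt.wav"

(constructed placeholder, not audio)
--b1--
"""

def lookalike(domain):
    """Red flag 1: return the trusted domain this one nearly matches, else None."""
    close = difflib.get_close_matches(domain, TRUSTED, n=1, cutoff=0.8)
    return close[0] if close and close[0] != domain else None

def mismatched_links(html):
    """Red flag 2: (shown host, real host) pairs where link text and href disagree."""
    out = []
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        real = urlparse(href).hostname
        if shown and real and shown.group(1).lower() != real:
            out.append((shown.group(1).lower(), real))
    return out

def analyze(raw):
    """Run all three red-flag checks over one raw email message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    findings = [f"sender domain {domain} resembles {hit}"] if (hit := lookalike(domain)) else []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            findings += [f"link shows {s} but goes to {r}" for s, r in mismatched_links(body)]
        elif part.get_filename():  # red flag 3: any attachment alongside the others
            findings.append(f"attachment {part.get_filename()}")
    return findings
```

Calling `analyze(SAMPLE)` returns one finding per red flag; a message from an exact trusted domain with honest links and no attachment returns an empty list.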

In the end, the key to phishing scams like this is that they don’t rely on digital security vulnerabilities or cutting-edge hacking technology; phishing targets the user, who, without the right training, will always be a security risk, regardless of the IT measures set in place.
