Tech Talk: Office 365 accounts beware

hack
phishing

(Brandon Smith) #1

I’ve been very involved in the tech community for a while now and I’ve recently been seeing a lot of issues regarding phishing becoming more and more prevalent. These criminals are getting smarter even faster than our spam filters can keep up. The most recent tactic that I’ve been made aware of is something that aims to bypass spam filters entirely and isn’t a new issue at all. If you are on Office 365 you may have noticed an increase of phishing emails getting through to you, that could be because they are coming from other Office 365 accounts. These are being sent from valid senders, who have been compromised, so your SPF, IP, and DMARC filters aren’t going to do much. This means that regardless of how phishy they may look, because they are coming from other Office 365 emails, they aren’t being put into spam or, it appears, being checked at all.

On the same subject, there seems to be an uptick this year of password stealers that seem to be directed at Office 365 users, this could be because of that same issue. The phishing attacks are using fake Microsoft docs as trojans for these password stealers. They then can use that information however they please, it seems more and more instead of taking over the system are hunting the sensitive information to wreak even more havoc. They might even sell that information on the dark web. With this being so prevalent recently I definitely suggest staying vigilant and checking your accounts against known breaches to make sure you are as safe as possible.

If you are in an Office 365 environment have you been seeing an increase or elevated level of phish attempts? Have any of you noticed an increase in password stealing attempts?


(Howard) #2

Brandon, your timing on this was impeccable. It was just reported in several security news blogs over the last 48 hours that Office 365 phishing is happening on a huge scale. A new twist on it uses SharePoint link which is said to be undetectable by Microsoft’s filters because it was ostensibly white listed since it’s a Microsoft product. So they’ve named this scam PhishPoint. This article dated 8/16 yesterday says about 10% of global Office 365 users have been targeted worldwide.

"While 10 percent of customers have been targeted, the research team estimates that: “this percentage applies to Office 365 globally.”

Dubbed PhishPoint, the new campaign uses SharePoint, a collaborative platform which is compatible with Office 365, to harvest end-user credentials for the software."