I’ve been very involved in the tech community for a while now, and I’ve recently been seeing a lot of issues regarding phishing becoming more and more prevalent. These criminals are getting smarter even faster than our spam filters can keep up. The most recent tactic that I’ve been made aware of is something that aims to bypass spam filters entirely and isn’t a new issue at all. If you are on Office 365, you may have noticed an increase in phishing emails getting through to you; that could be because they are coming from other Office 365 accounts. These are being sent from valid senders who have been compromised, so your SPF, IP, and DMARC filters aren’t going to do much. This means that regardless of how phishy they may look, because they are coming from other Office 365 emails, they aren’t being put into spam or, it appears, being checked at all.
On the same subject, there seems to be an uptick this year in password stealers that seem to be directed at Office 365 users; this could be because of that same issue. The phishing attacks are using fake Microsoft docs as trojans for these password stealers. The attackers can then use that information however they please; it seems that more and more, instead of taking over the system, they are hunting for sensitive information to wreak even more havoc. They might even sell that information on the dark web. With this being so prevalent recently, I definitely suggest staying vigilant and checking your accounts against known breaches to make sure you are as safe as possible.
If you are in an Office 365 environment, have you been seeing an increase in or an elevated level of phishing attempts? Have any of you noticed an increase in password-stealing attempts?