Microsoft Office 365 adoption at the organization level is continuing at a strong pace. With such a massive user base, this multisystem platform has become a target-rich environment for cybercriminals looking to steal login credentials and other confidential information.
Why phishers love Office 365?
As it is entirely cloud-based, users can access their emails, files, and Office programs (Word, PowerPoint, Outlook, Sway, and Excel) from any location and any device. Moreover, it includes other online file storage and collaboration systems like OneDrive and SharePoint. Altogether, they represent a hive of sensitive data and files that phishers are looking to exploit.
What are the impacts?
Office 365 credentials are a prime commodity on the black market as they can allow cybercrooks to gain access directly into company networks.
With a single set of legitimate Office 365 credentials, a phisher can conduct phishing attacks from within an organization to steal business-related critical data or trade secret or financial information.
How bad is it during the COVID-19?
With the transition to remote work and online learning, institutions of higher education, companies, and governmental organizations have witnessed an increased risk of phishing scams that target Office 365 services.
A phishing campaign attempted to steal victims’ Office 365 credentials by masquerading as a subpoena from the Supreme Court. The phishing email included a phishing page hosted on the domain ‘invoicesendernow[.]com’ that stole credentials from users.
Cybercrooks used a fake notification from Microsoft Teams in an effort to trick people into revealing their Microsoft Office 365 user names and passwords.
A phishing email purporting to be from Financial Industry Regula ..
Support the originator by clicking the read the rest link below.
