Malicious actors have a history of trying to compromise users’ Office 365 accounts. By doing so, they can tunnel into a network and use their access to steal sensitive information. But they need not stop there. They can also single out other entities with which the target does business for supply chain cyberattacks.
Office-Related Cyberattacks
In the summer of 2019, phishers used fake alerts to trick admins into thinking that their Office 365 licenses had expired. Those messages instructed the admins to click on a link so that they could sign into the Office 365 Admin Center and review the payment details. Instead, that sign-in page stole their account credentials.
Other cyberattacks in 2019 used spoofing techniques to make the sender appear as if they were a fellow employee. Threat actors tricked people into allowing a fake Microsoft Office 365 app to access their inbox, contacts and other account data.
Near the end of February 2020, other cyberattacks warned users to update their Office 365 apps or risk having their accounts deleted. The phony messages instructed victims to enter their information on a login page and click an ‘update now’ button. In truth, that page was a crafted Google Form that exfiltrated a victim’s data to the attackers.
In May 2020, a phishing campaign used emails from what appeared to be the U.S. Supreme Court. The cyberattacks used threatening language to trick users into clicking a cyberattacks office target supply chain
