During the past several months, we have seen a rise in phishing scams targeting businesses and consumers who use Office 365 email services. Hackers are gaining access to Office 365 accounts by stealing login credentials that are obtained from convincing fake login sites, after tricking users to click on links or to download an attachment that was sent by both trusted contacts.
Phishing emails are becoming increasingly sophisticated – often appearing to be sent from a trusted business or individual the victim normally emails or does business with. The fictitious emails contain links or attachments that redirect the victim to a fake login webpage asking for their email username and password. Once the information is entered, fraudsters then use the stolen credentials to log into Office 365 and send fraudulent emails to the victim’s contact list, perpetuating the scam.
If you use Office 365 for email, we encourage you to be extra vigilant. Emails containing hyperlinks or attachments that require additional actions by you should be carefully vetted before proceeding. If you are unsure if an email you received is legitimate, do not click on any links, attachments, or provide any information
If you think you may have fallen victim to this scam, immediately contact your Cyber Security or IT advisor. If you do not have a reputable Cyber Security or IT advisor, call us immediately, 949-266-2088. In the meantime, we recommend that you do the following:
- Reset your user Office 365 username and password
- Disable any forwarding rules or rules that move messages to the deleted folder
- If you find no rules in your Outlook, check your Outlook Web Access for the above rules to make sure those rules do not exist
- Enable auditing on the mailbox
- Screen your computer and network for malware
We also encourage you to contact any of your email contacts via phone or a safe email address to inform them that your email account has been compromised and to let them know they may receive fraudulent emails appearing to be sent by you and not to click on any of the links.
Below are a few signs that your account may have been compromised:
- Providing your email login credentials in response to a suspicious email
- Not receiving new emails you are expecting
- Emails in your sent folder were not sent by you
- An Out of Office message has been turned on that you did not set up
Below are preventative measures that we recommend to best protect yourself:
- Ensure that you use complex passwords that are at least 8 characters long, use uppercase and lowercase letters, use special characters and make sure you don’t reuse the same password as other websites.
- Change your password frequently and do not reuse any of your previous passwords.
- Use multi-factor authentication tool. In addition to your username and password, this tool requires you to access a mobile app or text message to further validate your identity. While this adds an additional step to the login process, it reduces the likelihood that a hacker can log in if your login credentials are stolen.
- Use Advanced Threat Protection, advanced email protection that scans attachments and e-mail links for malicious content. It also helps identify potential phishing and spoofing scams.
- Educate and train yourself and your employees to be careful when browsing the internet and accessing email. If you are unsure where an attachment or link leads or if it is legitimate, do not click on it or provide personal or financial information. Make sure users know who to alert if they feel they may have fallen victim to a scam.
While Office 365 is the most recent phishing target, hackers are always improving and evolving these types of scams to impact other email applications and platforms as well. Be cautious when opening any emails that were not expected and contain links or attachments you were not expecting.
If you have any questions regarding this blog article, feel free to email web@intelecis.com or call 949-266-2088.