Used by more than a million organizations worldwide, Office 365 (now called Microsoft 365) is the most popular cloud-based suite of office applications used in businesses, education and home environments.
Its popularity, however, is a double-edged sword because it gives cybercriminals many potential victims to target at once. Alas, that’s exactly what they’ve been doing in recent years, launching sophisticated phishing attacks to steal sensitive information and gain access to protected systems.
Office 365 phishing attacks won’t go away anytime soon, so organizations of all sizes need to familiarize themselves with them and learn how to protect against common phishing attacks. Read our best tips here!
Office 365 Phishing Attacks in a Nutshell
According to the NIST Computer Security Resource Center, phishing is “a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.”
Are Phishing Attacks a New Threat?
Phishing attacks have been around since the 1990s, and they remain one of the most common ways attackers gain their first foothold in an organization; for small businesses in particular, many cybersecurity professionals consider them the most damaging and most widespread threat.
While early phishing scams were largely primitive (think of a “Nigerian prince” asking you to pay a small processing fee to receive a fairy-tale inheritance), modern scammers behind Office 365 phishing email attacks are far more sophisticated, and their emails are often indistinguishable from legitimate correspondence at first glance.
The phishing attacks Office 365 users face can be divided into several categories:
- Email delivery failure: Phishers like to send out fake non-delivery alerts to Office 365 users, tricking them into believing that an email they’ve recently sent hasn’t been delivered properly and providing them a convenient “send again” link. The link leads to a spoofed sign-in page that harvests the user’s credentials or to a download that installs malware once opened.
- Storage limit alerts: This fairly common Office 365 phishing attack starts with a seemingly innocent storage limit alert message. The recipient is asked to click a link in order to resolve the storage issue. As you can probably guess, the link is fake and leads to a credential-harvesting page or a malicious download.
- Fake login requests: Most Office 365 users are at least somewhat used to having to reenter their login credentials from time to time for a variety of reasons. Cybercriminals know this, and they send out fake login requests whose sole purpose is to steal usernames and passwords from unsuspecting users.
Of course, a phishing lure loses much of its effectiveness once users and security teams have learned to recognize it, which is why attackers keep refreshing their themes and new variants crop up almost every day.
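The three lure types above share indicators that can be checked at the mail-header and link level, which is where a phish that looks legitimate to a reader usually gives itself away. The following triage function is an added example written for this article (it is not code from the original page or from Microsoft): it scores a raw message for brand impersonation in the display name, failing SPF/DKIM/DMARC results in the Authentication-Results header, lure wording from the three categories, and links whose visible text names a different host than the real target. The two sample messages and all domains in them are constructed placeholders, and the short list of Microsoft sending domains is illustrative rather than exhaustive.

```powershell
# Added example, not part of the original article. Scores a raw RFC 5322 message for
# the header- and link-level indicators behind the three Office 365 lure types.
function Test-PhishIndicators {
    param([Parameter(Mandatory)][string]$RawMessage)

    $findings = New-Object System.Collections.Generic.List[string]

    # Split headers from body at the first blank line.
    $parts   = $RawMessage -split "(?:\r?\n){2}", 2
    $headers = $parts[0]
    $body    = if ($parts.Count -gt 1) { $parts[-1] } else { "" }

    # 1. Brand impersonation: Microsoft branding in the display name, but a sender
    #    domain that is not one Microsoft sends from (illustrative allow-list only).
    $msLegit = @("microsoft.com", "microsoftonline.com", "office.com", "office365.com")
    if ($headers -match '(?im)^From:\s*(?<name>[^<\r\n]*)<(?<addr>[^>]+)>') {
        $name   = $Matches.name.Trim().Trim('"')
        $domain = ($Matches.addr -split '@')[-1].ToLower()
        $brand  = $name -match '(?i)microsoft|office ?365|outlook|onedrive|sharepoint'
        $legit  = $msLegit | Where-Object { $domain -eq $_ -or $domain.EndsWith(".$_") }
        if ($brand -and -not $legit) {
            $findings.Add("Display name '$name' claims a Microsoft brand but sender domain is $domain")
        }
    }

    # 2. Sender authentication as recorded by the receiving server. A failing DMARC
    #    result is the strongest single header-level signal.
    if ($headers -match '(?im)^Authentication-Results:\s*(?<ar>.+)$') {
        $ar = $Matches.ar
        foreach ($mech in 'spf', 'dkim', 'dmarc') {
            if ($ar -match "(?i)\b$mech=(fail|softfail|none|permerror)") {
                $findings.Add("$mech result is $($Matches[1])")
            }
        }
    }

    # 3. Lure wording tied to the three categories described in the article.
    $lures = @{
        'delivery failure' = 'undeliver|delivery (has )?failed|send again|resend'
        'storage limit'    = 'storage (limit|quota)|mailbox (is )?(almost )?full'
        'fake login'       = 're-?enter your (password|credentials)|verify your account|sign in to (keep|continue)'
    }
    foreach ($kind in $lures.Keys) {
        if ($body -match "(?i)$($lures[$kind])") { $findings.Add("Lure wording matches '$kind' theme") }
    }

    # 4. Link text vs. link target: the host shown to the user differs from the href host.
    foreach ($m in [regex]::Matches($body, '(?is)<a\s[^>]*href="(?<href>https?://[^/"]+)[^"]*"[^>]*>(?<text>.*?)</a>')) {
        $hrefHost = ([uri]$m.Groups['href'].Value).Host
        $text     = $m.Groups['text'].Value
        if ($text -match '(?i)https?://([^/\s]+)' -and $Matches[1] -ne $hrefHost) {
            $findings.Add("Link text shows $($Matches[1]) but points to $hrefHost")
        }
    }

    [pscustomobject]@{
        Score    = $findings.Count
        Verdict  = if ($findings.Count -ge 2) { 'Suspicious' } else { 'Likely benign' }
        Findings = $findings.ToArray()
    }
}

# Constructed sample: a "storage limit" lure with failing authentication and a
# link whose visible text does not match its target (placeholder domains).
$phish = @"
From: "Office 365 Team" <alerts@office365-notices.example>
To: jane.doe@contoso.com
Subject: Your mailbox storage limit has been reached
Authentication-Results: spf=fail (sender IP is 203.0.113.10) smtp.mailfrom=office365-notices.example; dkim=none; dmarc=fail action=none header.from=office365-notices.example

<html><body>
<p>Your mailbox is almost full. To avoid interruption, <a href="https://login.secure-portal.example/o365">https://login.microsoftonline.com</a> and free up storage.</p>
</body></html>
"@

# Constructed sample: an internal reminder that passes authentication.
$benign = @"
From: "Helpdesk" <helpdesk@contoso.com>
To: jane.doe@contoso.com
Subject: Laptop refresh schedule
Authentication-Results: spf=pass smtp.mailfrom=contoso.com; dkim=pass header.d=contoso.com; dmarc=pass action=none header.from=contoso.com

<html><body><p>Your new laptop will be ready for pickup on Thursday.</p></body></html>
"@

Test-PhishIndicators $phish  | Format-List   # Suspicious: brand mismatch, spf/dkim/dmarc, storage lure, link mismatch
Test-PhishIndicators $benign | Format-List   # Likely benign: no findings
```

The point of the example is that none of these checks depend on how convincing the message looks: the Authentication-Results header is written by your own receiving infrastructure, and a link host that differs from the text the user sees is a defect the attacker cannot hide from a parser. Real mailboxes fold long headers across lines and use many more sending domains, so a production version would unfold headers first and maintain the allow-list from your tenant’s accepted domains and Microsoft’s published sender domains.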
Real-World Examples of Office 365 Phishing Attacks
At the end of 2020, Microsoft’s Security Intelligence team warned Office 365 users about an active credential phishing attack that used multiple sophisticated methods for defense evasion and social engineering when targeting enterprises.
Microsoft 365 Defender detects phishing and other email threats and correlates threat data across email and data, endpoints, identities, and apps. Microsoft Defender for Office 365 uses behavior-based detections and machine learning to detect sophisticated email threats.
— Microsoft Security Intelligence (@MsftSecIntel) November 16, 2020
“The campaign uses timely lures relevant to remote work, like password updates, conferencing info, helpdesk tickets, etc.,” tweeted Microsoft’s Security Intelligence team. “These techniques, in addition to the fact the email message uses heavy obfuscation in its HTML code, make for a sophisticated phishing campaign, exemplifying the increasingly complex email threats that enterprises face today.”
Earlier in 2020, security firm Group-IB warned about a highly targeted Office 365 phishing campaign aimed at more than 150 businesses. The goal of the campaign was to steal confidential documents and contact lists of high-level executives in global and regional financial hubs, and the attackers behind it were based in Nigeria.
“The dubbed PerSwaysion campaign is a collection of small yet targeted phishing attacks run by multiple cybercriminal groups,” explains Group-IB in its extensive report. “The PerSwaysion campaign adopts multiple tactics and techniques to avoid traffic detection and automated threat intelligence gathering.”
These and other real-world examples of Office 365 phishing attacks show how serious the threat is and why effective Office 365 phishing protection matters.
How to Prevent Microsoft 365 / Office 365 Phishing Attacks
Considering how much phishers love Office 365, it shouldn’t come as a surprise that Microsoft has been the number one impersonated brand in phishing attacks in recent years.
The explosion of remote work during COVID-19 has only made Office 365 users more vulnerable, so all organizations that rely on Microsoft’s suite of office applications must strengthen their defenses if they want to avoid a costly data breach and the irreparable reputation damage associated with it.
Let’s go over three proven strategies (and one bonus) to avoid Office 365 phishing attacks.
1. Security Awareness Training (SAT)
Office 365 phishing attacks are so effective because they directly exploit the weakest link in the cybersecurity chain: users. As such, the most effective prevention against them is formal cybersecurity education of all employees.
The more employees know about Office 365 phishing attacks, and phishing attacks in general, for that matter, the more readily they can spot them before it’s too late. Security awareness training has the biggest positive impact when it’s ongoing, engaging, and relevant, so it’s best to partner with a specialized provider who has a wealth of real-world experience to draw from.
2. Microsoft Defender for Office 365
Microsoft is aware of Office 365 phishing attacks and determined to help users keep them at bay with Microsoft Defender for Office 365, a cloud-based email filtering service that adds multiple layers of protection against malicious links and attachments on top of the baseline Exchange Online Protection every tenant gets.
Depending on which plan you choose, Microsoft Defender for Office 365 can protect against unknown malware and viruses by detonating attachments in a sandbox (Safe Attachments), rewrite and scan URLs at time of click in messages and Office documents (Safe Links), apply impersonation protection for named users and your own domains, let authorized users run realistic attack simulations in your organization, generate real-time reports and insights, and more.
Microsoft Defender for Office 365 is included in some Microsoft 365 plans and can be added to most other Exchange Online and Microsoft 365 subscriptions with a few clicks; in hybrid deployments it can also protect on-premises Exchange Server mailboxes as long as inbound mail is routed through Exchange Online Protection.
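Most of the protections above are off, or left at permissive defaults, until an administrator turns them on. The following is an added example written for this article (not Microsoft’s code and not configuration from the original page) showing how to inspect the default anti-phishing policy and then create hardened anti-phishing, Safe Links and Safe Attachments policies with Exchange Online PowerShell. It assumes the ExchangeOnlineManagement module and a Defender for Office 365 licence; `contoso.com`, the policy names and the protected executives are placeholders you would replace with your own.

```powershell
# Added example, not part of the original article. Hardened Defender for Office 365
# anti-phishing, Safe Links and Safe Attachments policies scoped to one accepted domain.
# Assumes the ExchangeOnlineManagement module and a Defender for Office 365 licence.
# "contoso.com", the policy names and the protected users are placeholder values.

Connect-ExchangeOnline

$domain = "contoso.com"

# Weak baseline: the built-in default policy typically has spoof intelligence on but no
# impersonation protection and the lowest phishing threshold. Record it before changing anything.
Get-AntiPhishPolicy -Identity "Office365 AntiPhish Default" |
    Select-Object Enabled, EnableSpoofIntelligence, EnableTargetedUserProtection,
                  EnableMailboxIntelligenceProtection, PhishThresholdLevel

# Hardened policy: quarantine spoofed senders that fail authentication, protect named
# executives and all of the organisation's own domains against look-alike senders, turn on
# mailbox intelligence, raise the ML threshold and show users the safety tips.
New-AntiPhishPolicy -Name "Exec Impersonation Protection" `
    -Enabled $true `
    -EnableSpoofIntelligence $true `
    -AuthenticationFailAction Quarantine `
    -EnableUnauthenticatedSender $true `
    -EnableViaTag $true `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect @("Jane Doe;jane.doe@$domain", "John Roe;john.roe@$domain") `
    -TargetedUserProtectionAction Quarantine `
    -EnableOrganizationDomainsProtection $true `
    -TargetedDomainProtectionAction Quarantine `
    -EnableMailboxIntelligence $true `
    -EnableMailboxIntelligenceProtection $true `
    -MailboxIntelligenceProtectionAction MoveToJmf `
    -PhishThresholdLevel 3 `
    -EnableFirstContactSafetyTips $true `
    -EnableSimilarUsersSafetyTips $true `
    -EnableSimilarDomainsSafetyTips $true `
    -EnableUnusualCharactersSafetyTips $true

# A policy does nothing until a rule binds it to recipients.
New-AntiPhishRule -Name "Exec Impersonation Protection Rule" `
    -AntiPhishPolicy "Exec Impersonation Protection" `
    -RecipientDomainIs $domain -Priority 0

# Safe Links: rewrite URLs in mail, Teams and Office clients, scan them at time of click,
# hold delivery until scanning completes, and do not let users click through a warning.
New-SafeLinksPolicy -Name "Safe Links Strict" `
    -EnableSafeLinksForEmail $true `
    -EnableSafeLinksForTeams $true `
    -EnableSafeLinksForOffice $true `
    -ScanUrls $true `
    -DeliverMessageAfterScan $true `
    -EnableForInternalSenders $true `
    -TrackClicks $true `
    -AllowClickThrough $false

New-SafeLinksRule -Name "Safe Links Strict Rule" `
    -SafeLinksPolicy "Safe Links Strict" `
    -RecipientDomainIs $domain -Priority 0

# Safe Attachments: detonate unknown attachments and block the whole message if malicious.
New-SafeAttachmentPolicy -Name "Safe Attachments Block" -Enable $true -Action Block
New-SafeAttachmentRule -Name "Safe Attachments Block Rule" `
    -SafeAttachmentPolicy "Safe Attachments Block" `
    -RecipientDomainIs $domain -Priority 0
```

Two choices here are deliberate. `AuthenticationFailAction Quarantine` and `TargetedUserProtectionAction Quarantine` keep the spoofed and impersonating messages out of the mailbox entirely rather than moving them to Junk, which users still open; mailbox-intelligence detections are noisier, so they go to Junk (`MoveToJmf`) instead. `AllowClickThrough $false` matters because a Safe Links warning page the user can dismiss only delays the “fake login” lure rather than stopping it.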
3. Dark Web Monitoring
The dark web is made up of non-indexed websites, many of which are accessible only via special encrypted networks that protect the identities of their users. It’s also one of the main marketplaces where stolen login credentials and personal information are offered for sale. The purpose of dark web monitoring is to watch the same channels cybercriminals use to exchange information and digital bounty so that exposed credentials and ongoing breaches are identified in a timely manner.
By monitoring the activity of cybercriminals on the dark web, it’s possible to greatly reduce the damage caused by a data breach and prevent additional leaks of sensitive data. Dark web monitoring can be purchased as a service from many providers of cybersecurity services.
Bonus: Multi-Factor Authentication (MFA)
Multi-factor authentication, or just MFA for short, is an authentication method that requires users to present two or more independent pieces of evidence to gain access to a protected resource, such as a website or application. In addition to a password (something you know), the other factor is something you have or something you are: an authenticator app or hardware security key, a one-time verification code, or biometric data. A security question is just another piece of knowledge and does not count as a second factor.
MFA can go a long way in stopping phishers dead in their tracks because it ensures that sensitive resources remain protected even when the password guarding them gets into the wrong hands. In fact, around 80 percent of security breaches involve compromised passwords, so enabling MFA should be a no-brainer. One caveat: a phishing page that proxies the real sign-in flow can relay SMS codes and push approvals in real time, so where possible prefer phishing-resistant methods such as FIDO2 security keys or Windows Hello for Business, and treat codes and push prompts as the minimum rather than the goal.
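In Microsoft 365 the mechanism for requiring MFA is a Conditional Access policy. The following is an added example written for this article (not code from the original page or from Microsoft) that creates such a policy with the Microsoft Graph PowerShell SDK, requiring MFA for all users on all cloud apps while excluding a break-glass account. It is created in report-only mode first so sign-in logs show who would have been blocked before anything is enforced. It assumes the Microsoft.Graph module, an Azure AD Premium P1 (or Microsoft 365 Business Premium) licence, and a placeholder object ID for the emergency-access account.

```powershell
# Added example, not part of the original article. Creates a Conditional Access policy that
# requires MFA for all users on all cloud apps, in report-only mode, via Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph module; the excluded object ID is a placeholder for your
# emergency-access ("break-glass") account.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$breakGlassObjectId = "00000000-0000-0000-0000-000000000000"   # placeholder, replace with your account's object ID

$policy = @{
    displayName = "Require MFA for all users (report-only pilot)"
    # Start in report-only mode; switch to "enabled" after reviewing the sign-in log results.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassObjectId)
        }
        applications = @{
            includeApplications = @("All")
        }
    }
    grantControls = @{
        operator         = "OR"
        builtInControls  = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm what was created before enforcing it.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State
```

Once the report-only results look right, set `state` to `enabled`. To require the phishing-resistant methods mentioned above rather than any MFA, replace `builtInControls` with an authentication-strength grant control referencing the tenant’s “Phishing-resistant MFA” strength, which is the control Microsoft provides for exactly that purpose.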
Conclusion on Microsoft 365 Phishing Attacks
Phishing attacks have become one of the most dangerous cyber security threats for organizations of all sizes and across all industries. Office 365 (or Microsoft 365, to be more precise) users are particularly vulnerable to these attacks because phishers are deeply familiar with Microsoft’s cloud-based subscription services and know how to craft emails that seem to be completely legitimate.
Since Office 365 phishing attacks are here to stay, it’s paramount for organizations to effectively protect themselves against them by implementing the strategies described in this article. If you need help with security awareness training, the implementation of Microsoft Defender for Office 365, or dark web monitoring, you should get in touch with us at OSIbeyond to discuss our valuable Managed Security Services.