Scammers use a mixture of familiar brand, unsuspecting users, legitimate document types and locations, and credential harvesting in this attack aimed at getting into your Office 365.
If a cybercriminal can get into your Office 365, there’s potentially a lot they can do. They can email malware-laden messages to users both within and outside the company, steal data stored in Office 365, access applications in the cloud that provide them intel or access to banking details to commit fraud. The list is only limited by the creativity of the cybercriminal.
So, gaining access to Office 365 has become a priority for many cybercriminal organizations. We just wrote about how Microsoft continues to lead the pack as the most-impersonated brand by cybercriminals. Data found in Managed Security Service Provider (MSSP) Nuspire’s Q2 2019 Quarterly Threat Landscape Report demonstrates exactly why it’s so useful for cybercriminals to leverage such brands.
According to the report, the use of PDF phishing attacks rose 193% in just one quarter. What makes this so dangerous for organizations is the tie-in with Office 365. These attacks are focus on generic mailboxes, such as a ‘support@’ email address used by more than one user, prompting them to review the linked-to PDF document up on OneDrive. The victim is then asked to provide their Office 365 credentials via a realistic-looking OneDrive login page.
Users within your organization need to work with an elevated sense of security – one that makes alarm bells go off in their head the moment they see anything that has a hint of looking like it’s either out of place or is even slightly suspicious. This sense of security is derived through continual Security Awareness Training – designed to both educate the user on how they play a role in the organization’s security and on methods used by scammers to attempt to trick users into becoming unwitting attack participants.