Heimdal Security, a leading cybersecurity company, has found evidence of a new Microsoft phishing campaign that targets Office365 users. In an article, the company says the campaign uses multiple attack channels and tools to fool people into giving out their sensitive information online.
First of all, what is phishing?
Phishing, usually done through emails, is a type of scheme that involves tricking people into giving out their sensitive information online. These types of information can be your personal information, financial information, or private information about your friends and family or your workplace.
Norton, one of the leading antivirus and anti-malware software companies, describes phishing as an effort by scammers to trick you into giving up personal information which they can use to access your bank accounts or credit cards. Phishing can arrive by email, SMS (text) message, or even by phone.
How does this new scheme work?
Like all phishing efforts, the aim of these scam tactics is to get your sensitive information by getting you to click something and then fill out a form. These pages are disguised and, most of the time, look like an official Microsoft and/or OneDrive page. Usually, these attacks disguise themselves as work-related documents that might reference work jargon, work conversations, or time-sensitive financial information to get you to fill the form out as soon as possible.
In addition, Heimdal Security has found that this scam uses compromised Microsoft and LinkedIn accounts to spread the phishing campaign.
“The first step seems to be hacking into someone’s account and then using it to further spread malicious messages (which contain links). This lends more credibility to the phishing invitation when it arrives in the inbox of the next targets.”
The victims are then asked to click on the link(s) sent by the hackers and, once they click on the link, they are instantly redirected to a OneDrive or Office365 portal.
However, these portals aren’t real. Once you type in your username and password, the hackers have access to your Microsoft Office365 account and/or your OneDrive account.
What can you do to protect yourself?
There really is nothing you can do but equip yourself with enough know-how about these types of attacks. “A lot of people that come to us for IT consulting or ask for IT security tips usually don’t have IT security measures at all,” says Emil Isanov, CEO, ETech 7. “Our most common advice to companies is that it’s a must for any type of company to educate their employees about basic security principles. These basic security principles can be in the form of recognizing a fraudulent email from a legitimate one, not clicking on sketchy links, and staying away from spammy websites. Equipping your employees with enough knowledge to spot this sketchy stuff on the internet would not only save your company grief in fixing an infected computer but also avoid probable downtime for your company.”
What else can you do?
Managed IT Services is the way to go! You might be asking - if it’s as simple as doing a quick lecture with my employees and ensuring that I have antivirus software in place, why should I hire a professional?
Easy. Peace of mind.
Instead of spending your time learning this stuff and then educating your employees about the different types of Internet pitfalls, why not just focus on growing your business?
You might be rolling your eyes but please - hear us out!
Managed IT service providers exist to help your business cover its IT needs which, in turn, allows businesses to lower costs and become more effective in their day-to-day operations. These services range from server management, customer support, and server backup to - you guessed it - network security.
And, as we’ve talked about before, data is king in today’s world. Almost every single business decision now relies on acquired data. That’s where we, as managed IT service providers, come in.
“Managed IT service providers oversee large data centers and put multiple layers of protection in place,” says Isanov. “However, users may still be breached by hackers. It is of utmost importance to understand that as technology improves, the types of attacks become more intricate as well. All hope is not lost though - as long as each security layer is kept up to date, we would be able to see attacks from a mile away.”
Still unconvinced? Or do you want to know more about how you could better protect your business? ETech 7 offers a free network check for your business!