Office 365 software is utilized by more than 150 million active subscribers. But this large number of users also makes Office 365 a major target for hackers. Recently, cybercriminals have been known to use a technique that doesn’t require users to give up their login credentials. While scammers have used similar tactics in the past, what makes this scam even more dangerous is that the URL within the phishing message links to a real Microsoft login page. Learn all about this new phishing scam and how to protect your company from becoming its next victim.
How does it work?
The scam starts with a phishing message that pops up on the computer screen, presented as a legitimate SharePoint and OneDrive file share, and includes a prompt for users to click. When users do, they are taken to an Office 365 login page where they are asked to log in if they aren’t already.
Once users have logged in, they are prompted to grant permission to an application called “0365 Access.” Users who grant permission effectively give the app (and hackers) complete access to their Office 365 files, contracts, and inboxes.
This phishing technique can easily trick users because the app that requests access is integrated with the Office 365 add-ins feature, which allows users to install apps that are not from the official Office store.
How to protect your Office 365 account — and your company
To avoid becoming a victim of this new phishing scam, be sure to:
- Always double-check an email’s sender before clicking on any links.
- Enforce a policy that prevents staff from downloading and installing apps that are not from the official Office store.
- Regularly conduct security awareness training that covers essential cybersecurity topics and educates employees on potential phishing scams.
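The permission grant described above is something an administrator can review after the fact. The following Python check is an added example, not part of the original article: it triages app-consent records for look-alike names such as “0365 Access” and for broad access granted to apps that are not from the official store. The record fields (`user`, `app_name`, `official_store`, `scopes`), the scope prefixes and the sample records are assumptions constructed for illustration.

```python
# Added example: triage app-consent records for the pattern described above.
# Field names and SAMPLE_GRANTS are constructed; this is not a real log schema.
BRAND_TERMS = ("o365", "office", "microsoft", "sharepoint", "onedrive")
# Digit-for-letter swaps used in look-alike names such as "0365".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Scope families covering inboxes, files and contacts (assumed for illustration).
BROAD_SCOPE_PREFIXES = ("mail.", "files.", "contacts.")

SAMPLE_GRANTS = [  # constructed sample data
    {"user": "alice@example.com", "app_name": "0365 Access", "official_store": False,
     "scopes": ["Mail.Read", "Files.ReadWrite.All", "Contacts.Read", "offline_access"]},
    {"user": "bob@example.com", "app_name": "Team Calendar Sync", "official_store": True,
     "scopes": ["Calendars.Read"]},
    {"user": "carol@example.com", "app_name": "OneDrive Backup Tool", "official_store": False,
     "scopes": ["Files.Read.All"]},
]

def fold(text):
    """Lower-case and collapse digit/letter swaps so '0365' and 'o365' compare equal."""
    return text.lower().translate(LOOKALIKES)

def review_grant(grant):
    """Return the reasons this consent grant deserves a manual review."""
    reasons = []
    raw, folded = grant["app_name"].lower(), fold(grant["app_name"])
    for term in BRAND_TERMS:
        if fold(term) in folded:
            if term not in raw:  # brand only matches after undoing the swaps
                reasons.append(f"look-alike spelling of '{term}'")
            elif not grant["official_store"]:
                reasons.append(f"uses '{term}' but is not from the official store")
    broad = [s for s in grant["scopes"] if s.lower().startswith(BROAD_SCOPE_PREFIXES)]
    if broad and not grant["official_store"]:
        reasons.append("non-store app granted " + ", ".join(broad))
    return reasons

def flag_grants(grants):
    """Map (user, app_name) to reasons, keeping only grants that need review."""
    flagged = {}
    for g in grants:
        reasons = review_grant(g)
        if reasons:
            flagged[(g["user"], g["app_name"])] = reasons
    return flagged

if __name__ == "__main__":
    for (user, app), reasons in flag_grants(SAMPLE_GRANTS).items():
        print(f"{user} -> {app}: {'; '.join(reasons)}")
```

A flagged grant is a prompt for manual review of the app and the user's account, not proof of compromise.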
Cyberattacks can happen to any company. Protect your company from phishing scams like these by taking steps to increase security and awareness.
At MDL Technology, your company’s security is our number one concern. By offering services such as 24/7 support, network monitoring, offsite data backups, auditing and compliance, and more, we help ensure that you don’t need to stress about your team’s private information becoming public. Learn more about the services we offer by visiting our website.