Office 365: Another Day, Another Phish!

New phishing attacks are bypassing the Advanced Threat Protection (ATP) mechanism implemented by email services such as Microsoft Office 365.

Defense Against Links

Microsoft Office 365 offers a range of services to help defend against potential phishing attacks. Protection backed by artificial intelligence and machine learning scans the links in emails for any blacklisted or suspicious domains.

Old Tricks

But scam artists have managed to bypass these security protections in order to victimize users. Cybercriminals have used techniques like ZeroFont to imitate a popular company and deceive users into providing personal information and, at times, even banking credentials!

Some hackers have been splitting up the malicious link so that Microsoft fails to identify the suspicious domain and victims are redirected to phishing sites.

New Tricks

A new technique cybercriminals have incorporated into their schemes to bypass Office 365’s security protections is the use of SharePoint documents.

The body of the email appears to be a standard SharePoint invitation from someone looking to collaborate.  Once the link is clicked, the browser automatically opens the file.

The content of the SharePoint file mimics a regular access request to a OneDrive file, but an ‘Access Document’ button on the file is actually hyperlinked to a malicious URL.

The malicious URL redirects the victims to a spoofed Office 365 login page that requests the users’ login credentials, which are then collected by the cybercriminals.

What Now?

People need to become aware of these phishing schemes in order to tell a real email from a malicious one. Cybercriminals are thinking up clever new ways to get people to click a link or download a document, or to steal their credentials.

“In order to identify this threat, Microsoft would have to scan links within shared documents for phishing URLs. This presents a clear vulnerability that hackers have taken advantage of to propagate phishing attacks,” the researchers said.
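The kind of check the researchers describe can be sketched as follows. This is an added example, not code from the original article or from Microsoft. It assumes the shared file is an OOXML (.docx) package, and it uses an allow-list of expected domains in place of a phishing-URL feed; the domain list and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
HYPERLINK = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
# Assumption: domains this organisation expects document links to point at.
ALLOWED = ("sharepoint.com", "office.com", "microsoftonline.com")


def external_links(docx_bytes):
    """Return every external hyperlink target stored in an OOXML package."""
    links = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            # Untrusted XML: use a hardened parser in production.
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter("{%s}Relationship" % PKG):
                if rel.get("Type") == HYPERLINK and rel.get("TargetMode") == "External":
                    links.append(rel.get("Target", ""))
    return links


def host_allowed(url):
    """True only if the host is an allowed domain or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    return any(host == d or host.endswith("." + d) for d in ALLOWED)


def suspicious_links(docx_bytes):
    return [u for u in external_links(docx_bytes) if not host_allowed(u)]


def build_sample():
    """Constructed sample package: one expected link, one lookalike host."""
    targets = ("https://contoso.sharepoint.com/sites/hr/doc.aspx",
               "https://login.microsoftonline.com.example.net/signin")
    rels = '<Relationships xmlns="%s">' % PKG + "".join(
        '<Relationship Id="rId%d" Type="%s" TargetMode="External" Target="%s"/>'
        % (i, HYPERLINK, t) for i, t in enumerate(targets, 1)) + "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()
```

Calling `suspicious_links(build_sample())` returns only the lookalike URL: the host comparison is on the full domain suffix, so a hostname that merely begins with a trusted name does not pass.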

Office 365 can only do so much to protect users against these attacks.  Microsoft urges people to be suspicious of the URLs in the body of an email, especially emails with subject lines such as Urgent or Action Required. Using two-factor authentication can prevent these attacks, even if a hacker obtains your password – they would still need the second authentication step.

Original Article Found Here.
