Microsoft Office 365 Login Phishing Attack

Recently, eSudo has been getting a lot of questions about emails that appear to come from Microsoft Office 365 and ask recipients to change a password or update the credentials for their login account.

Please take a few minutes to read this article and The 10 Things You Can Do to Keep Your Company Email More Safe (see list below):

Spoofed Email Examples - A spoofed email looks like the examples listed below.

There are a few clues that these emails are deceptive:

  1. Wrong Company - the message claims to be from: I.T Desk
  2. Email Address Does Not Match - the email address does not match the sender name or your company domain name

    Please Note: Pay attention to the email address and confirm that it is from someone you know before you click on it. A single changed letter or number makes it a different email address.

  3. Change Password or Update Credentials - the email body has a link to a website asking you to change your password or update your account credentials.

    Please Note: If you click on the link to change your password, the website will capture your password so the attackers can sell your Office 365 account information or use it for ransomware.

[Images: two spoofed email examples]
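The first two clues above can also be checked automatically on the From header. The following is an added example, not eSudo's own tooling; the company domain `example.com`, the word list, the warning names and the sample messages are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: your real mail domain
INTERNAL_NAMES = ("i.t desk", "it desk", "help desk", "helpdesk")  # assumed word list

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_warnings(raw_message, company_domain=COMPANY_DOMAIN):
    """Return a list of warning codes for the From header of one raw message."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ["unparseable-sender"]
    warnings = []
    # One changed letter or number makes a different domain.
    if 0 < edit_distance(domain, company_domain) <= 2:
        warnings.append("lookalike-domain")
    # Display name shows an address other than the one that really sent the mail.
    shown = display.rpartition("@")[2].strip().lower() if "@" in display else ""
    if shown and shown != domain:
        warnings.append("display-name-address-mismatch")
    # Name sounds like internal IT, but the address is outside the company domain.
    if domain != company_domain and any(n in display.lower() for n in INTERNAL_NAMES):
        warnings.append("internal-name-external-address")
    return warnings

# Constructed sample messages (not real phishing emails).
SAMPLES = {
    "lookalike": 'From: "I.T Desk" <support@examp1e.com>\nSubject: Password expires today\n\nbody',
    "shown_addr": 'From: "it-desk@example.com" <alerts@mail-notice.test>\nSubject: Update credentials\n\nbody',
    "colleague": 'From: "Pat Lee" <pat.lee@example.com>\nSubject: Lunch\n\nbody',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sender_warnings(raw))
```

This only inspects the From header; it does not evaluate SPF, DKIM or DMARC results, which the mail server checks separately.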

With human error being linked to over 92% of data breaches, employees cannot afford to be uninformed. We recommend that businesses use a layered security strategy that minimizes all single points of failure and makes it difficult for criminals and hackers to penetrate your network.

The 10 Things You Can Do to Keep Your Company Email More Safe

  1. Set Up Two-Factor or Multi-Factor Authentication - for your Office 365 Email Accounts
  2. Employee Security Awareness Training - provide online awareness training to all your employees
  3. Back up your email and data files on a regular basis
  4. Set Up DNS Record Security Protection - (SPF, DMARC, DKIM) to protect against email address spoofing, display name spoofing or email impersonation
  5. Disable Email Forwarding - to external email addresses
  6. Disable Webmail Access - if you do not use a web browser to read emails. You will not need this feature if you are currently using email application clients like Outlook or MacMail to read emails
  7. Monitor Your Email System - for known threats, spam, and Trojan emails
  8. Keep Anti-Virus Software, Windows OS, and macOS Updated - with security patches and updates
  9. Block Access by Country - block access to your email from outside the country or US if it is not required for your job
  10. Cyber Security Insurance - consider purchasing Cyber Insurance to protect your company data and customer information

If your business needs help with IT Security or wants a second opinion, contact an IT Security Specialist.
You can also contact us at 408-216-5800 for a free IT Security Consultation.
Please provide your comments below if this information is helpful or you have additional recommendations you would like to make.