Microsoft’s Office 365 is often targeted by scammers and cybercriminals. This is a major problem, as Office 365 is one of the most widely used software suites by businesses around the world – undoubtedly part of the reason that it is so often under attack.
Despite the fact that the UK’s National Cyber Security Centre (NCSC) has made a concerted effort to implore system admins to implement stronger cybersecurity practice, Office 365 is still exceptionally vulnerable. In fact, there is damning evidence from Microsoft itself about the security practice of its users.
Through a security dashboard available to Office 365 administrators, users are given a ‘security score’ to indicate the strength of their defences and security processes. The maximum score is 707, and yet the average Office 365 score is just 37.
Businesses using Office 365 need to ensure that they are taking their cybersecurity extremely seriously. One of the most important ways of doing this is to provide your employees with as much information on the types of attacks they can face as possible. Some of the most common scams are phishing schemes – and these can take many forms.
Some of the Office 365 scams to look out for
Cybercriminals use a wide variety of tricks in attempting to compromise users – this can involve impersonating Microsoft or other well-known businesses. While there is an almost unlimited variation in the types of scams, some of the most widely seen include the following
- Fake meeting requests – this type of phishing scam sends messages that spoof the name and email address of a senior executive and asks the users to reschedule a meeting, by taking part in a poll to choose the new date and time. When a user clicks on the link, they are presented with what appears to be an Office 365 login page but it is in fact a phishing site.
- Employee pay rises – this scam uses the bait of a pay rise to convince employees to give up their Office 365 login credentials. The email contains a link to an apparent spreadsheet containing details of an employee salary increase – however, the link takes the user to a phishing site that looks like the Office 365 login page. This scam is especially effective because the login page displays the user’s email address prominently.
- Voicemail scams – this scam makes use of a genuine audio recording that requests employees allow Microsoft access to their Office 365 account, along with an almost identical login page that actually harvests the victim’s details.
- Content scams – it is also possible for criminals to utilise Microsoft Sway – a genuine presentation software – to create a spoofed site. This looks genuine and even experienced and knowledgeable users have been tricked into entering their details. The fact that the phishing email contains a link to a genuine Microsoft product makes it very difficult to spot this form of cybercrime.
- Conversation hijacking – this scam sees phishers infiltrate a genuine email account using previously compromised credentials, and then insert themselves into a conversion – essentially taking on the persona of the account that they have gained access to. When another employee gets an email from this ‘trusted’ colleague, they will happily click on the links they contain, which takes them through to a spoofed site.
Admins are targeted too
It is not just general employees who are targeted with phishing scams. IT administrators are singled out by cybercriminals, as their accounts typically have greater privileges and access to more company data. With access to an admin account, criminals can carry out extremely effective attacks against other members of the organisation by creating new accounts.
Administrators in Office 365 typically have access to all of the email accounts on the domain, which may allow cybercriminals to take over those accounts or retrieve emails from them.
How to improve your Office 365 security
Of course, improving employee knowledge is a vital way to reduce the effectiveness of phishing attacks. But it is also important to take a multi-layered approach to Office 365 security and put additional defences in place in order to mitigate the potential damage of an attack.
There are various steps that businesses can take such as enforce multi-factor authentication as a part of account access, as well as ensuring that administrators have a separate account for day-to-day access and only use the admin account when necessary.
It is almost important to invest in proactive monitoring of your network in order to detect any malware or unusual activity. The earlier that any suspicious activity is detected, the sooner it can be acted upon. This reduces the window of opportunity for a cybercriminal to achieve his or her intended goal.
Related content from StrategyDriven