In a nutshell: An Office 365 hack epidemic has swept through the country this month. This type of hack happens when a user’s account is compromised through a tactic called account takeover (ATO). Using your email, the hackers then send malicious emails to people on your contact list in the form of suspicious links. These emails usually request private information such as credit card details or invoice payments.
The hackers then enter a phase of reconnaissance where they will track your email activity and monitor company activity. Then new mailbox rules are set up to re-route or delete emails sent from the compromised account. Therefore, you would never know your account has been compromised. The emails sent from your compromised Office 365 account are trying to complete one of two goals. The first is sending emails impersonating the account owner and sending emails with malicious links to that persons contact list along with a generic unsuspecting message. The second goal is targeted towards ‘high-value accounts’ such as accounting and financial staff’s accounts. These emails will sometimes interject themselves in a thread about payment invoices, money wiring, etc.
This type of attack is not associated with traditional phishing attacks, there are several factors that make the email appear legitimate such as: coming from a ‘trusted sender’ because the recipient is familiar with the sender and, using rhetoric or referencing things the sender will be familiar with. Therefore, these emails may get past traditional spam solutions making it very dangerous to users.
Impersonating someone you know
Hackers will often impersonate your boss, manager or colleague in these types of attacks. Check for things such as spelling, rhetoric, the sign off (i.e. kind regards, thanks, etc.). Also check with this person via phone, text or conversation whether they genuinely sent that email if you are concerned. Otherwise, contact Milnsbridge IT to inspect the email.
Is this email requesting something you wouldn’t normally be asked for? i.e. passwords, credentials, banking information or payment invoices. If the email is requesting sensitive information it’s best to check with that person via another type of communication form. If you can’t confirm the legitimacy of that email contact Milnsbridge IT.
Does this email contain links that you’re unsure of? You can hover your mouse over links you’re unsure of to see where they actually lead to. However, we advise you to not click anything in the email to be safe. Contact the friendly staff at Milnsbridge IT to inspect the email for you.
Requests to change credentials
Through the use of social engineering, hackers will impersonate co-workers, supplier, and customers in an Office 365 attack. If you receive an email from someone telling you you’re account has been compromised with a link to reset or recover your account do not click it. Instead, call Milnsbridge IT to determine whether or not your account has actually been compromised.
Identifying whether your OWN account has been compromised:
- The ‘Sent’ or ‘Deleted Items’ folders in Outlook contain spam messages from your account. They usually contain generic phishing rhetoric such as “XXXX please send me money as I’m stuck in London”.
- Alternatively, you may notice suspicious activity such as missing or deleted emails.
- You may notice the presence of new inbox rules that you nor your MSP created which may automatically forward emails to other addresses or folders.
- Changes to your profile such as names, telephone numbers, etc.
- An unusual signature being added to your emails.
Read more here.
If you identify with any of these issues call Milnsbridge Managed IT Services IMMEDIATELY on 1300 300 293 for emergency care.