sb-nz logo
Story image

Another Office 365 phishing scam hits NZ businesses

20 Sep 2017

CERT NZ has received reports of another Office 365 phishing scam that harvests credentials and sends the same email to all contacts in a victim’s address book.

The scam is making the rounds across many New Zealand businesses, CERT says.

The phishing email claims that someone wants to share a large file or photos. The file is downloadable through a link that looks like a genuine Office 365 login website.

The website asks users for their username and password. If they do so, the scammer then sends the same phishing email to all email contacts.

CERT NZ is warning businesses to be cautious of emails that ask to share a large file or photo, and often look like they come from someone who knows them.

In a recent blog, Microsoft revealed that it is using the genuine Office 365 tool to help detect, prevent and respond to threats.

Office 365 services such as Exchange Online Protection (EOP) and Advanced Threat Protection (ATP) work alongside other Microsoft technologies such as Windows Defender.

“Although phishing tricks and tactics never cease, awareness and antiphishing technologies go a long way in thwarting them. No one solution can stop all phishing campaigns,” comments Microsoft in a blog from September.

The company explains that EOP is an email filtering service that prevents against known attacks by filtering known spam, viruses and malware. Office 365 ATP is also an email filtering service that protects against unknown threats, including zero-days.

“Educating employees about phishing and encouraging the mentality of ‘when in doubt, report it out’ provide network defenders with additional telemetry for detecting large-scale phishing campaigns—including sophisticated and targeted spear-phishing attempts,” the company continues.

CERT NZ recommends that for any email, users should hover over links to see the URL before visiting the website; use multi-factor authentication; call the person to see if they have sent a file; and advise CERT NZ of the emails.

For those who have been affected by a scam, CERT NZ recommends the following actions:

- Change your email password immediately, make sure your new password is very different to the previous one, and that you haven’t used that password anywhere else. If you use the same or similar passwords for any other accounts, change those too. - Advise your IT department or your email provider that this has taken place. - Work with your IT team or IT provider to check your email logs and ensure that all access attempts to your email were legitimate and authorised.

Story image
Cybersecurity spending to increase following SolarWinds hacking
Hackers breached software provider SolarWinds, directly infecting the company’s Orion software as well as several local, state and federal agencies.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Fortinet promises free cybersecurity training until skills gap trend reverses
"We are committed to continue offering the entire catalogue of self-paced Network Security Expert training at no cost until we see the skills gap trend reverse."More
Story image
First AML awarded Privacy Trust Mark
“First AML conducts regular, detailed staff privacy and security training sessions and employs regular third-party audits that go above and beyond what is required by law."More
Story image
Sophos Rapid Response puts out the ransomware fire
“Attackers are using a range of techniques and whichever defence has a weakness is how they get in. When one technique fails they move on to the next, until they find a weak spot."More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More