CERT NZ has received reports of another Office 365 phishing scam that harvests credentials and sends the same email to all contacts in a victim’s address book.
The scam is making the rounds across many New Zealand businesses, CERT says.
The phishing email claims that someone wants to share a large file or photos. The file is downloadable through a link that looks like a genuine Office 365 login website.
The website asks users for their username and password. If they do so, the scammer then sends the same phishing email to all email contacts.
CERT NZ is warning businesses to be cautious of emails that ask to share a large file or photo, and often look like they come from someone who knows them.
In a recent blog, Microsoft revealed that it is using the genuine Office 365 tool to help detect, prevent and respond to threats.
Office 365 services such as Exchange Online Protection (EOP) and Advanced Threat Protection (ATP) work alongside other Microsoft technologies such as Windows Defender.
“Although phishing tricks and tactics never cease, awareness and antiphishing technologies go a long way in thwarting them. No one solution can stop all phishing campaigns,” comments Microsoft in a blog from September.
The company explains that EOP is an email filtering service that prevents against known attacks by filtering known spam, viruses and malware. Office 365 ATP is also an email filtering service that protects against unknown threats, including zero-days.
“Educating employees about phishing and encouraging the mentality of ‘when in doubt, report it out’ provide network defenders with additional telemetry for detecting large-scale phishing campaigns—including sophisticated and targeted spear-phishing attempts,” the company continues.
CERT NZ recommends that for any email, users should hover over links to see the URL before visiting the website; use multi-factor authentication; call the person to see if they have sent a file; and advise CERT NZ of the emails.
For those who have been affected by a scam, CERT NZ recommends the following actions:
- Change your email password immediately, make sure your new password is very different to the previous one, and that you haven’t used that password anywhere else. If you use the same or similar passwords for any other accounts, change those too.
- Advise your IT department or your email provider that this has taken place.
- Work with your IT team or IT provider to check your email logs and ensure that all access attempts to your email were legitimate and authorised.