Phishing, Microsoft Office 365, Cyberattacks Phishing Attacks Targeted at Office 365 Users

According to the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), cyberattacks have increased by 400% since the start of the COVID-19 Pandemic. As more companies and individuals move to Microsoft Office 365, the platform grows as a target for hackers and scammers. Phishing attacks are some of the most common types of attacks end-users will encounter.

What are Phishing Attacks?

Phishing is when someone sends an email, text message, or phone call to lure individuals into providing sensitive information such as passwords, banking, and/or credit card details. Phishing scammers use a wide variety of techniques from telling end-users. From claiming a lucrative reward or lavish prize to pretending to be friends or family in need of financial assistance, they send hyperlinks/attachments that install malicious software on the end-user’s machine and potentially your network.

Steps to Protect Yourself from Phishing Attacks

Reach Out

If you receive an email from a known contact that seems unusual or unexpected, pick up the phone and give them a call to confirm they sent the email.

Hover Over

If you receive an email with hyperlinks, hover the mouse pointer over the hyperlink to see if the link seems like a legitimate URL. If the URL in the hyperlinks seems very long, containing random letters and numbers it should be considered suspicious. See the example below:

Phishing message

Set Up MFA

In Microsoft Office 365 multifactor authentication or MFA can easily be set up by your exchange administrator. Every time someone tries to access your Office 365 account a phone call or SMS text message will be sent to your phone containing a six-digit verification code. Without that code, malicious actors cannot access your account.

Office 365 Phishing Attacks

The new phishing emails that target Office 365 users typically come from a known contact who has already been compromised. The email will say the contact has shared a document with you but to access this document through One Drive, you will need to enter your Office 365 credentials. Once you have entered your credentials, you have now given the hackers access to your Office 365 account where they will spam the same type of phishing emails to all of your contacts.

You may not even notice as spammers typically make mailbox rules that move all of the sent spam and the replies from those who received your spam into your junk or deleted folder. These types of phishing emails may look vastly different but some appear as the example below:

Open document phishing

The best way to prevent a cyberattack is to be supported by a professional IT team with extensive knowledge of cybersecurity. TCI Technologies can assist your business in learning more. Contact us today.


New call-to-action

    FREE Mobile Security Checklist

    Recent Posts

    Subscribe to Our Newsletter