• about reply
WM Reply Logo
Menu
  • About Us
    About Us
    • Newsroom
    • Case Studies
    • Events
    • News & Communications
    • About Us
  • Services
  • SOLUTIONS
    SOLUTIONS
    • Productivity & Collaboration
    • SharePoint Intranets
    • Enterprise Social Networks
    • Digital Workplaces
    • The Accelerator by WM reply
    • Core Technologies
    • SharePoint
    • Power Platform
    • Microsoft Teams
    • Office 365
    • Microsoft FastTrack
    • Microsoft Exchange
    • Yammer
    • Nintex Workflows
    • Microsoft Viva
    • Business Solutions
    • Mobile Applications
    • Document Management
    • Consumer Experience
    • SharePoint Websites Design
    • SharePoint Extranets
  • Careers
  • Contact us
  • about Reply
WM Reply Logo

Search

Focus On

News & Communication

The rise of phishing scams in Microsoft 365

FOCUS ON: Antiphishing, cybersecurity,

More organisations than ever today are opting to utilise cloud-based services. The benefits are myriad, including both enhanced scalability and drastically reduced maintenance costs, but companies need to remain vigilant against the many cyber threats, such as phishing scams specifically targeting software-as-a-service (SaaS) apps. Widely used by over 155 million commercial users on monthly subscriptions, Office 365 from Microsoft is a major target for cybercrime and companies utilising it must bolster cloud security to protect sensitive data.

BEC Awareness

Business email compromise (BEC) is an enhanced phishing attack currently on the rise. The scam involves a cybercriminal falsely claiming to be a company employee and requesting a payment for services from a legitimate member of staff. If successfully fooled, the legitimate employee wires the funds to an account named by the hacker and the theft is complete.

Cybercriminals use either a near identical address to a real employee’s (which can slip past detection) or utilise a compromised account obtained by harvesting a user’s credentials. They will then attempt to acquire another real identity to send phishing attacks via email to other employees, spreading the scope of the malicious assault. Largely unreported BEC attacks continue to thrive.

Advanced phishing tactics

Today hackers track their targets more effectively, carrying out detailed research on companies from in-house news to studying technology use and business supply chains. All information amassed is then used to hone attacks, crafting bespoke phishing assaults ever more difficult to recognise as a threat.

Attacks on Office 365 users include false notifications and requests, including security alerts and email reports claiming failure to deliver. Cybercriminals often build trust with targets over a chain of emails before making attacks strengthening the potential success of the scam.

Techniques of attack are becoming increasingly more sophisticated. Whereas before a hacker needed the victim to click on a link to trigger malicious attachments, new attacks using PowerShell have been found to activate malware when files are simply previewed in Outlook.

To avoid security defences, attacks are now being launched from trusted platforms like SharePoint, which makes them harder to identify or lock out.

Secure practices for greater defence

If your organisation subscribes to a cloud service such as Office 365, measures to counter phishing attacks like BEC should be part of your security plan. Educating your staff to identify and report attacks is essential and making rigid authentication in multiple forms mandatory on all accounts is advised, as passwords can be appropriated and cracked by hackers.

Monitoring and identifying phishing threats is vital to security. EDR (Endpoint Detection and Response) and SIEM (Security Information and Event Management) tools are invaluable to log and analyse risks and respond to attacks, shutting them down before they have an opportunity to spread.

For support and advice on employing Microsoft technology at your company, you can count on WM Reply. As specialists in collaborative platforms from Microsoft including Office 365 and SharePoint, our qualified team is well-suited to solve your business problems with smart solutions.

RELATED CONTENTS

02.01.2020

News & Communication

APT groups ramp attacks on enterprises in Q3

It has been reported that target attacks on businesses showed an increase in the third quarter of the year, according to Tech Republic. Cyber attackers have continued to depend on both social engineering and malware to acquire information from both individuals and enterprises alike. Attacks are deployed using bogus using built-for-purpose email addresses, compromised sites in SharePoint and word docs riddled with malware.

24.12.2019

News & Communication

Users issued warning over spoof Windows update

Cybersecurity experts have identified a spam campaign capable of infecting systems with Cyborg ransomware. The attack is made via a fake Microsoft email that outlines an important update for the Windows operating system.

07.11.2019

News & Communication

SharePoint used to outflank secure software from Symantec

A campaign of phishing attacks is using the online platform SharePoint to bypass the Symantec Corporation’s secure email gateway.

 
 
 ​
 
Reply ©​​ 2023 - Company Information -
 PrivacyCookie Settings​
  • Abou​t Reply​​
  • Investors​​​
  • Newsroom
  • Follow Reply on
​
  • ​About WM Reply
  • Privacy & Cookies Policy
  • Information (Client)
  • Information (Supplier)
  • Information (Candidate)