PHISHING Scam Targets Office 365 Users

LATEST EMAIL PHISHING SCAM TARGETS OFFICE 365 USERS

A recent phishing scam is targeting businesses and consumers who use Office 365 email services. Fraudsters are gaining access to Office 365 accounts by stealing login credentials obtained using convincing fake login screens.

Fraudster email attacks are becoming increasingly sophisticated – often appearing to be sent from a business, organization, or individual the victim normally emails or does business with. The fictitious emails contain malicious links or attachments that redirect the victim to a fake login page asking for their email username and password. Once the information is entered, fraudsters then use the stolen credentials to log into Office 365 and send fraudulent emails to the victim’s contact list, perpetuating the scam.

If you use Office 365 for email, we encourage you to be extra vigilant. Emails containing hyperlinks or attachments that require additional actions by you should be carefully vetted before proceeding. If you are unsure if an email you received is legitimate, do not click on any links, attachments, or provide any information.

If you think you may have fallen victim to this scam, immediately contact Serif Systems via our ticket system at http://support.serif.net

·         Reset your user username and password or have Serif Support do this for you, we are happy to do this for our customers

·         Screen your computer and network for malware

 

We also encourage you to contact any of your email contacts via phone or a safe email address to inform them that your email account has been compromised and to let them know they may receive fraudulent emails appearing to be sent by you.

Signs your account may have been compromised include:

·         Providing your email login credentials in response to a suspicious email

·         Not receiving new emails you are expecting

·         Emails in your sent folder were not sent by you

·         An Out of Office message has been turned on that you did not set up

 

Serif Systems Ltd recommends taking the following preventative measures to protect yourself:

·         Ensure that you use complex passwords that are at least 8 characters long, use uppercase and lowercase letters, use special characters and make sure you don’t reuse the same password over and over again.

·         Use Office 365’s included multifactor authentication tool. In addition to your username and password, this tool requires you to access a mobile app or text message to further validate your identity. While this adds an additional step to the login process, it reduces the likelihood that a fraudster can log in if your login credentials are stolen.  We are happy to help you set this up.

·         Educate yourself, your employees and friends and family that may use your computer to be careful when browsing the internet and accessing email. If you are unsure where an attachment or link leads or if it is legitimate, do not click on it or provide personal or financial information. Make sure users know who to alert if they feel they may have fallen victim to a scam.

·         One very easy way to check a hyperlinks true destination in an email is to hover your mouse over the link, take this link for instance https://portal.office.com  – it actually goes to our support site but could easily have been set to go to a site that has been made to look like the 365 portal in order to make you input your username and password which the phishers would then steal.   Hover over the link and see for yourself.

 

While Office 365 is the most recent phishing target, these types of scams regularly impact other email applications and platforms as well. Always be cautious when opening any emails that were not expected, are coming from someone you do not know, and contain links or attachments you were not expecting. Take advantage of added security measures that your email provider offers..

If you ever feel information related to your 365 account with us has been compromised, please notify us immediately so that we can assist you with protecting your accounts and notifying the appropriate authorities.

Posted 9:55 AM | Permalink