Office 365 hacking: What you need to know

There is an app for almost everything — including one that cybercriminals use to hack into businesses’ systems. Cyberattacks have become so advanced that they now have an app. If you’re using Office 365, here’s what you need to know about Office 365 hacking.

A phishing scam that harvests users’ credentials

The latest cyberattack on Microsoft Office 365 involves harvesting users’ credentials. In this previously unseen tactic, scammers send users a phishing message asking them to click on a link. What makes this scam more dangerous is that the URL within the message links to a real Microsoft login page.

How does it work?

The phishing message resembles a legitimate SharePoint and OneDrive file share and asks users to click on it. Users who do are taken to an Office 365 login page, where they are asked to log in if they haven’t already.

After they’ve logged in, they’ll have to grant permission to an app called “0365 Access.” Those who grant permission effectively give the app — and the hackers behind it — complete access to everything in their Office 365 account.

This technique can easily trick many users because the app requesting access is part of the Office 365 Add-ins feature. That means the request for permission is primarily generated by Microsoft. No, Microsoft is not aiding hackers to breach systems. Instead, the scam is made possible by a feature that allows users to install apps that are not from the official Office Store.

Ways to protect your Office 365 account — and your business

Given their advanced approach, these scammers could easily prey on careless employees. There are ways to make sure that doesn’t happen.

  • Always check the email’s sender account before clicking on any link.
  • Implement a policy that prevents staff from downloading and installing apps on their own.
  • Regularly conduct security awareness training that covers cybersecurity topics.
  • Educate employees on how to spot phishing emails.
  • Increase their knowledge of more sophisticated attacks.
  • Keep everyone informed about current and future cybersecurity risks.
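
Administrators can also review the apps users have already granted access to. The following is an added example, not code from the original article: it checks a constructed list of consent grants for app names that imitate Microsoft brands (the article's "0365 Access" is printed with a digit zero) and for broad permissions held by unverified publishers. The field names, the scope list and the sample records are assumptions made for illustration.

```python
import re

# Brand terms with lookalike character classes (digit zero for "o", 1/l for "i").
BRAND_PATTERNS = {
    "o365": re.compile(r"[o0]\s?365"),
    "office": re.compile(r"[o0]ff[i1l]ce"),
    "microsoft": re.compile(r"m[i1l]cr[o0]s[o0]ft"),
    "onedrive": re.compile(r"[o0]nedr[i1l]ve"),
    "sharepoint": re.compile(r"sharep[o0][i1l]nt"),
}
# Delegated scopes treated as broad here (an assumed policy choice).
BROAD_SCOPES = {"Mail.Read", "Files.ReadWrite.All", "offline_access"}

def review_grant(grant):
    """Return a list of reasons this consent grant deserves manual review."""
    reasons = []
    name = grant["app_name"].lower()
    for brand, pattern in BRAND_PATTERNS.items():
        match = pattern.search(name)
        if match and match.group(0).replace(" ", "") != brand:
            # Matched only through a substituted character, e.g. "0365".
            reasons.append(f"lookalike spelling of '{brand}'")
        elif match and not grant["publisher_verified"]:
            reasons.append(f"uses '{brand}' but publisher is unverified")
    broad = sorted(BROAD_SCOPES & set(grant["scopes"]))
    if broad and not grant["publisher_verified"]:
        reasons.append("broad scopes from unverified publisher: " + ", ".join(broad))
    return reasons

def audit(grants):
    """Map 'user -> app' to review reasons, keeping only flagged grants."""
    flagged = {}
    for g in grants:
        reasons = review_grant(g)
        if reasons:
            flagged[f"{g['user']} -> {g['app_name']}"] = reasons
    return flagged

# Constructed sample data; only the app name "0365 Access" comes from the article.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "0365 Access",
     "publisher_verified": False,
     "scopes": ["Mail.Read", "Files.ReadWrite.All", "offline_access"]},
    {"user": "bob@example.com", "app_name": "Timesheet Helper",
     "publisher_verified": True, "scopes": ["User.Read"]},
]

if __name__ == "__main__":
    for grant, reasons in audit(SAMPLE_GRANTS).items():
        print(grant, reasons)
```

A flagged grant is a prompt for manual review and, where appropriate, revocation of the app's access.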

Successful attacks could result in a massive catastrophe for your company. For more tips on how to spot this and other scams and how to plan thorough security practices, contact our experts today.

Published with permission from TechAdvisory.org.