In another wave of phishing, attackers have begun targeting Microsoft Office 365 administrators. The campaign sends fake admin alerts in an attempt to steal account credentials.
Office 365 Fake Admin Alerts
BleepingComputer discovered a phishing campaign in the wild that targets Office 365 admins. The attackers send fake admin alerts to their targets, and the alerts are worded to create panic by describing a time-sensitive problem.
As stated in their report,
These alerts will typically be about a time-sensitive issue that requires an admin's immediate attention, such as an issue with the mail service or unauthorized access being discovered.
They identified the campaign after noticing a handful of fake alerts. One claimed that the organization's Office 365 license had expired and asked the recipient to "Sign in to the Office 365 Admin center" to view the message. The link text looks legitimate, but the URL behind it points to the attackers' site.
The other message they analyzed, sent from a seemingly legitimate email account, informed the recipient of a "low-severity alert".
As with most phishing, clicking the links redirects users to pages that mimic the legitimate site. As BleepingComputer demonstrated, clicking the "Investigate" button in the second example takes the user to a fake Microsoft sign-in page where they are expected to enter their account credentials.
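The point that matters for defenders is that the visible link text ("Sign in to the Office 365 Admin center") does not match the destination host. The following is an added example, not code from BleepingComputer or the original article: it extracts anchor text and href from an email body and flags links whose text invokes the Microsoft/Office 365 brand while the href host is not a Microsoft-owned domain. The email HTML is constructed for the example, the phishing host is a placeholder on the reserved `.invalid` TLD, and the trusted-suffix list is an assumption you would tune for your tenant.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not a real campaign artifact). The first link
# shows Office 365 admin-center text but points at a placeholder phishing host;
# the second is a genuine Microsoft host and should not be flagged.
SAMPLE_EMAIL_HTML = """
<p>Your organisation's Office 365 licence is about to expire.</p>
<p><a href="https://login.example-phish.invalid/office365/admin">Sign in to the Office 365 Admin center</a> to view the message.</p>
<p><a href="https://admin.microsoft.com/">Microsoft 365 admin center</a></p>
"""

# Assumed list of domains Microsoft uses for sign-in and admin portals.
# Anything else behind Microsoft-looking link text is treated as suspicious.
TRUSTED_SUFFIXES = ("microsoft.com", "microsoftonline.com", "office.com", "office365.com")

# Words in the visible link text that suggest the link impersonates Microsoft.
BRAND_WORDS = ("office 365", "microsoft", "admin center")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_is_trusted(href):
    """True if the URL's host is one of the trusted suffixes or a subdomain of one.

    Suffix matching is anchored on a dot so that look-alike hosts such as
    microsoft.com.evil.invalid do not pass.
    """
    host = (urlparse(href).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def find_suspicious_links(html):
    """Return (text, href) for links whose text invokes the brand but whose host is untrusted."""
    parser = LinkExtractor()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        lowered = text.lower()
        if any(word in lowered for word in BRAND_WORDS) and not host_is_trusted(href):
            flagged.append((text, href))
    return flagged


if __name__ == "__main__":
    for text, href in find_suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"SUSPICIOUS: '{text}' -> {href}")
```

The check is deliberately narrow: it does not try to classify arbitrary URLs, only to catch the specific mismatch this campaign relies on, a Microsoft-branded link whose destination is not Microsoft. Run it over the HTML part of inbound mail addressed to admin mailboxes, and treat a hit as a reason to quarantine rather than to block outright, since legitimate newsletters sometimes route Microsoft links through tracking domains.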
What Next?
Despite warnings, advice, recommendations, and real-time examples of losses, people still fall for phishing campaigns.
As lottery and prize-money scams have become less effective, scammers appear to have changed their strategy. To target the corporate sector, and even some reasonably savvy individuals, they now exploit users' limited knowledge of IT, tricking them with fake technical emails such as the admin alerts reported here.
Ideally an IT admin should not fall for this scam. In practice, however, the person holding the admin role at many organizations has little real IT background and is likely to believe these emails. Organizations should therefore make sure that qualified personnel hold such critical positions, and should train everyone in the firm in basic cybersecurity, including checking where a link actually leads before clicking it.
Let us know your thoughts in the comments.