Cybercriminals Use Malicious Office 365 App for Phishing Campaign
Cybercriminals are using a malicious Microsoft Office 365 app to illegally access end user accounts and data, according to managed threat intelligence and mitigation services provider PhishLabs.
The Office 365 phishing campaign involves the use of a phishing message that impersonates an internal SharePoint and OneDrive file-share, PhishLabs noted. Once a victim clicks on an embedded link in the message, he or she is taken to a legitimate Microsoft login page.
Next, the victim is asked to provide access to his or her Office 365 inbox, contacts and files, PhishLabs indicated. If the victim accepts the request, a cybercriminal then gains access to his or her Office 365 account and data.
How to Address Malicious Office 365 App Phishing Attacks
Office 365 password changes, clearing Office 365 sessions and activating multi-factor authentication (MFA) are ineffective to combat malicious Office 365 app phishing attacks, PhishLabs said. However, PhishLabs offered the following tips to help organizations address these attacks:
- Limit Office 365 users’ ability to install apps that are not downloaded from the official Office Store or whitelisted by an administrator.
- Teach Office 365 users about phishing attacks and red flags to help them identify malicious emails.
- Review apps installed across an Office 365 user base.
PhishLabs also offers Managed Enterprise Phishing Protection services to help organizations prevent, detect, analyze and mitigate phishing attacks. These services provide organizations with real-time phishing attack indicators of compromise (IoC).
Cybercriminals Launch Office 365 Voicemail Phishing Campaign
In addition to the malicious Office 365 app phishing attacks, cybercriminals recently began using fake voicemail messages to convince victims to provide their Office 365 email credentials.
A voicemail phishing attack involved the use of a malicious email that informed an Office 365 user about a missed phone call and a request to access his or her voicemail, according to McAfee Labs. Each email contained an HTML file attachment that would redirect a victim to a phishing website and ask this individual to log in to his or her Office 365 account.
McAfee Labs recommended that Office 365 users avoid opening emails from unknown senders to combat voicemail phishing attacks. It also recommended that Office 365 users leverage different passwords for different services and two-factor authentication.