Business managers and IT departments of companies that use Office 365 are being newly targeted by thousands of phishing emails in an ongoing attack aiming to steal their Office 365 credentials.
How is this different than previous attacks?
Cybercriminals have found a way to successfully trick victims with high level access in their company into giving up their Office 365 passwords without them knowing it. This is a major problem – highly targeted campaigns like this one that include social engineering can give advanced persistent threat actors complete control over a company network overnight and remain undetected almost indefinitely.
Here’s what you need to know
Knowing how this scam works can help you identify whether your organization has been targeted and, if you’ve already fallen victim, what to do about it.
What these emails look like
1. What the emails look like
These highly targeted phishing emails have been showing up as either a) an automated email from a unified communications system that says that they have a voicemail attachment or b) an email indicating that they should “REVIEW A SECURE DOCUMENT.” In both cases, the emails contain personalized information such as name, title and company information, indicating that the hackers have done their homework and are going after high-value targets.
2. What clicking on the email link does
Fake Microsoft login screen
Clicking on the attachment will take the victim to a fake Google reCAPTCHA screen containing a typical reCAPTCHA box – with a checkbox asking the user to click “I’m not a robot.” This was specifically designed as the first step in tricking victims into believing that the link is real.
The second step takes the victim to what appears as a Microsoft login screen, branded with the company’s logo. This is important as it reveals that attackers do their homework and are customizing their phishing landing pages to fit their victims’ profile to make the attack appear more legitimate.
After “logging in,” the victim is directed to a fake message that says “Validation successful” and is then given a voicemail recording to play.
This combination strategy of chaining highly customized and targeted steps is very effective at allowing threat actors to harvest the passwords of key people in the company and completely avoid suspicion. Once a cybercriminal gets into a network, they typically establish footholds deep within that can be difficult to detect or remove, watching employee activity and gathering confidential company data that can lead to reputation damage, more theft and eventual disaster.
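The two lure themes in step 1 and the Microsoft-branded landing page in step 2 are the traits a mail gateway or an analyst can check for. The following is an added example for this post (not the author's code or any product's); it parses a raw email, pulls the links out of the HTML body, flags the voicemail and "review a secure document" pretexts, and flags any Microsoft- or Office 365-branded link whose real host is not a genuine Microsoft sign-in host. The sample messages, the `.invalid` domains in them, and the `MICROSOFT_LOGIN_HOSTS` allowlist are constructed assumptions for the example; extend the allowlist to match your own tenant's sign-in setup.

```python
"""Triage a suspect Office 365 phishing email for the lure traits described above.

Added illustration, not code from the original post.  It parses an RFC 822
message, collects every link in the HTML body, and flags the two things this
campaign relies on: a voicemail / "secure document" pretext and a
Microsoft-branded sign-in link that does not actually point at Microsoft.
"""
import re
from email import message_from_string
from email.message import Message
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of hosts where a genuine Microsoft 365 sign-in page lives.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}

# Subject/body phrases matching the two pretexts described in the post.
LURE_PATTERNS = [
    ("voicemail pretext", re.compile(r"\b(voice ?mail|voice message)\b", re.I)),
    ("secure-document pretext", re.compile(r"review\s+a\s+secure\s+document", re.I)),
]


class LinkCollector(HTMLParser):
    """Collects [href, visible text] pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]
            self.links.append(self._current)

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None


def _body_text(msg: Message) -> str:
    """Concatenate the decoded text of every text/* part of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True)
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def is_microsoft_login_host(host: str) -> bool:
    """True only for an allowlisted host or a subdomain of one (no prefix tricks)."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in MICROSOFT_LOGIN_HOSTS)


def triage(raw_message: str) -> dict:
    """Score one raw email; returns the reasons found and a verdict."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = _body_text(msg)
    reasons = []

    # 1. Pretext: either of the two lures the campaign uses, in subject or body.
    for label, pattern in LURE_PATTERNS:
        if pattern.search(subject) or pattern.search(body):
            reasons.append(label)

    # 2. Links: Microsoft/Office-branded link text or URL whose real host is not Microsoft,
    #    and link text that shows a URL different from the real href.
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        branded = re.search(r"microsoft|office ?365|outlook", text + " " + href, re.I)
        if branded and not is_microsoft_login_host(host):
            reasons.append(f"microsoft-branded link to non-Microsoft host {host}")
        shown = re.search(r"https?://[^\s<]+", text)
        if shown and urlparse(shown.group()).hostname != host:
            reasons.append(f"link text {shown.group()} hides real host {host}")

    return {"subject": subject, "reasons": reasons, "suspicious": len(reasons) >= 2}


# Constructed sample messages (not real campaign artifacts); domains use .invalid.
SAMPLE_PHISH = """\
From: "Unified Messaging" <um-notify@example-phish.invalid>
To: jane.doe@example-corp.invalid
Subject: New voicemail for Jane Doe, CFO, Example Corp
Content-Type: text/html; charset=utf-8

<html><body><p>Jane Doe (CFO, Example Corp), you have a new voice message (0:42).</p>
<p><a href="https://o365-secure-login.example-phish.invalid/captcha">Listen via Office 365</a></p>
</body></html>
"""

SAMPLE_BENIGN = """\
From: it-helpdesk@example-corp.invalid
To: jane.doe@example-corp.invalid
Subject: Reminder: password expiry policy
Content-Type: text/html; charset=utf-8

<html><body><p>Sign in at <a href="https://login.microsoftonline.com/">https://login.microsoftonline.com/</a>
to change your password.</p></body></html>
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_BENIGN):
        print(triage(sample))
```

The verdict threshold of two reasons is deliberately simple: a single "voicemail" mention is common in legitimate mail, but a voicemail pretext combined with an Office 365-branded link that lands on a non-Microsoft host is the exact chain the post describes and is worth quarantining or at least alerting on. The reCAPTCHA gate in step 2 cannot be seen from the email itself; that is a check for URL sandboxing or proxy logs, not for the mail filter.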
Be sure that your staff is equipped and trained on how to identify the latest cybersecurity threats. The pandemic has pushed scammers to be even more innovative with their emails and scams like this one are sure to trick people at companies that do not have an Employee Cybersecurity Awareness Training program in place.
Hackers have spent years honing their skills crafting these types of email campaigns, successfully taking down banks, businesses and local governments in the process. Shouldn’t your company spend a little time on this as well?
Next step: We can offer you a complimentary Phishing Risk Assessment to test how likely your employees are to fall for such a scam. If you’re interested, more information is available here: https://cylanda.com/resources/phishing-risk-assessment/
Stay safe out there.
P.S. I recently did an interview on Think Tech where we talked about scammers and the new Apple M1 chip. Check it out!