Office 365 administrators are the latest target for cybercriminal phishing. A mix of fake log-in alerts and copycat log-in screens is phishing for credentials, relying on IT users’ urgency to fix critical issues to gain access. Access to an admin account is hacker gold, allowing a far greater range of impact: domain-wide access, creating new accounts, and so on.
The attack strategy, reported by Bleeping Computer, leverages the two most successful components of a phishing tactic: context and urgency. Fake Office 365 alerts citing expiring licenses or an urgent issue such as “unauthorized access” prompt admins to click the highlighted buttons to investigate the alert. Clicking the link in the fake email brings you to the phishing landing page (https://nvxyvzjjrettyy.z13.webc.core.windows.net/index.php), where a copycat Office 365 log-in screen prompts you for your credentials. The site even uses an SSL certificate issued by Microsoft: the page is hosted on Microsoft’s own Azure storage (a core.windows.net host), so the padlock and certificate look genuine even though Microsoft never signs in users there.
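The practical takeaway for defenders is that a Microsoft-issued certificate on a core.windows.net host proves nothing about who runs the page. The following triage helper is an added example (not code from the article or from Bleeping Computer): it classifies links from mail or proxy logs by checking the hostname against the real Microsoft sign-in hosts and flagging sign-in lookalikes hosted on Azure storage endpoints. The allowlist, the path hints and the sample URLs are assumptions constructed for the example.

```python
from urllib.parse import urlparse

# Hosts where Microsoft 365 sign-in legitimately happens (assumed allowlist;
# extend it with your tenant's federation hosts, e.g. an ADFS server).
MICROSOFT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
    "login.windows.net",
}

# Any Azure customer can host content under this suffix, behind a
# certificate issued by Microsoft, which is what the campaign abuses.
AZURE_STORAGE_SUFFIX = ".core.windows.net"

# Words that suggest a page is imitating a sign-in flow (assumed list).
LOGIN_HINTS = ("login", "signin", "index.php", "office", "o365", "microsoft")


def classify_link(url: str) -> str:
    """Return 'legit-login', 'suspect-login-lookalike', 'azure-hosted' or 'other'."""
    parsed = urlparse(url.strip())
    # .hostname drops any 'user@' prefix, so 'login.microsoftonline.com@evil...'
    # resolves to the real host after the '@', not the decoy before it.
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()
    if host in MICROSOFT_LOGIN_HOSTS:          # exact match, no substring tricks
        return "legit-login"
    if host.endswith(AZURE_STORAGE_SUFFIX):
        if any(hint in path or hint in host for hint in LOGIN_HINTS):
            return "suspect-login-lookalike"
        return "azure-hosted"
    return "other"


def triage(urls):
    """Classify a batch of links, e.g. extracted from inbound mail."""
    return {u: classify_link(u) for u in urls}


# Constructed sample links: the article's landing page plus typical variants.
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://nvxyvzjjrettyy.z13.webc.core.windows.net/index.php",
    "https://login.microsoftonline.com@stor1.z13.web.core.windows.net/login.html",
    "https://login.microsoftonline.com.stor2.z13.web.core.windows.net/",
    "https://assets.blob.core.windows.net/public/report.pdf",
    "https://docs.example.com/guide",
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:24} {link}")
```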
This latest hacker campaign serves to remind us that yes, even admins and IT staff need security awareness training. With cybercriminals getting better and better at making their scams look legitimate, everyone needs better training in security measures. Don’t rely on two-factor authentication to thwart every attacker either: similar scams have relayed the one-time codes pushed to mobile devices through a collecting cloud application. Multi-factor authentication stronger than SMS codes alone is a must for high-privilege users like IT.