Getting into your Office 365 is a veritable gold mine for attackers and they know it. The number of phishing attacks by scammers has increased by nearly 200% in a single quarter. Access to an Office 365 account allows an attacker to email malware, steal stored data, and gain access to OneDrive and SharePoint, just to name a few.
Office 365 phishing attacks typically slip past many standard security countermeasures. Anti-malware software and Microsoft’s signature defenses won’t stop the attack. With over 52% of organizations reporting sensitive and confidential information stored on their SharePoint, that’s a lot of risk.
“With a single set of legitimate Office 365 credentials, a phisher can conduct spear phishing attacks from within the organization, impersonating employees in order to extract a financial payback via wire transfers, gift cards, ransoms, and more,” blogs Vadesecure. “Moreover, they’re able to acquire more Office 365 credentials and spread across other organizations.”
Attackers get in by copying the Office 365 protocols and appearance to trick users into disclosing their login credentials. Often the attack comes from generic mailboxes like ‘support@’ that users don’t think twice about. As always, Security Awareness Training goes a long way toward preventing a potentially catastrophic security breach for your organization.