Microsoft and its suite of services are prolific among not only businesses, but at-home users as well. It is now estimated that there are over 1.2 billion users of Microsoft Office, 60 million Office 365 commercial customers, and 120 million business users. Therefore it should be no surprise that the cyber criminals and hackers are now targeting Microsoft 365 as a data-rich environment to pillage.
In December 2019, multiple outlets reported increased phishing attacks on Microsoft 365. Because it is statistically likely that your company is utilizing this platform , here are a few of the more common methods to watch out for.
Targeting Microsoft 365 in 2020
- You Have Received a New Voicemail Message: No one in business likes to think they may have missed an important message. Many of the attacks have come via a message to the end user which indicates that they have received a new voice mail, but it could not be transcribed. The user must then click a link to hear the message. These email alerts often look enough like a Microsoft issued transmission that a casual user many not be able to identify it as a scam. As technology rapidly offers new convenient alerts and messages, many users may not understand that clicking this link (seemingly from Microsoft) could be devastating.
- This Email is From a Trusted Source: In recent months, hackers have developed a way to send an email message from another domain. The problem is, that domain has been compromised, so opening the email installs the malware. Because the message comes from a legitimate and recognized domain name, filters and firewalls are less likely to flag the message. While administrators may easily notice these ploys of the cyber criminal, less savvy users may more easily be fooled.
- Your License Needs to Be Renewed: Hackers will often exploit a time sensitive issue, such as a necessary Microsoft 365 license renewal, in order to try to trick a busy administrator into clicking and making their network vulnerable. Administrators as a group will generally not fall for such a trick, but the criminals targeting Microsoft 365 hope to catch a small percentage of them. A similar attack not related to Microsoft 365 (but worthy of mention) is in regards to domain name registration. When a small business owner receives a message saying that their domain name needs to be renewed or they will lose their website, they may panic and click to renew. Unfortunately, hackers understand this, and will often use this method of coercion to get you click the link. They may even send you an “invoice” through a seemingly legitimate source and ask for payment.
One of the key benefits of partnering with a manages service firm is access to a bench of experienced network security experts. We understand that many small to medium sized business owners don’t have the time to keep up with the latest cyber threats and phishing scams, or to learn how to best prepare themselves. However, the need to protect yourself cannot be ignored or put on the backburner.
As cyber attacks increase and criminals get more creative, it is taking administrators more and more time to monitor the situation and put out fires.
Alliance ITAlliance ITAlliance IT, a Sarasota-based managed services firm will help you to assess your current threat level, apply immediate patches and security measures, and continually monitor your network for new breaches or attacks. Our team of professionals can have eyes on your network 24 x 7, so that you can get back to doing what you do best – running your business.
