Anglers catch fish by dangling bait in front of their victims, and hackers use the same strategy to trick your employees. There are many phishing scams out there, and the digital bait is almost impossible to distinguish from the real thing. Here are three things to watch out for in Office 365 scams.
Step 1 - Invitation to Collaborate Email
The first thing victims receive from hackers is a message that looks identical to an email from Microsoft’s file sharing platform SharePoint. It says, “John Doe has sent you a file, to view it click the link below…”
In most cases, the sender will be an unfamiliar name. However, some hackers research your organization to make the email more convincing.
Step 2 - Fake File Sharing Portal
Clicking the link opens a SharePoint file that looks like another trusted invitation from a Microsoft app, usually OneDrive. This is a big red flag since there’s no reason to send an email containing a link to a page with nothing but another link.
This extra step allows hackers to evade Outlook’s security scans, which monitor links inside emails for possible phishing scams. Once you’ve opened the file, SharePoint has almost no way to flag suspicious links.
Step 3 - Fake Office 365 Login Page
The malicious link in Step 2 leads to an almost perfect replica of an Office 365 login page, managed by whoever sent the email in Step 1. If you enter your username and password on this page, all your Office 365 documents will be compromised.
Microsoft has designed hundreds of cybersecurity features to prevent phishing scams and a solution to this problem is likely on the way. Until then, you can stay safe with these simple rules:
- Check the sender’s address every time you receive an email. You might not notice the number one in this email at first glance: johndoe@gma1l.com.
- Confirm with the sender that the links inside the shared document are safe.
- Open cloud files by typing in the correct address and checking your sharing notifications to avoid fake collaboration invitations.
- Double check a site’s URL before entering your password. A zero can look very similar to the letter 'o' (e.g. 0ffice.com/signin).
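The sender and URL checks in the rules above can be partly automated. The Python code below is an added example, not part of the original article: it flags a domain that differs from a trusted one only by look-alike characters, such as the 1 in gma1l.com or the 0 in 0ffice.com. The TRUSTED list, the character folding table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; use the domains your organization relies on.
TRUSTED = {"gmail.com", "office.com", "sharepoint.com", "microsoftonline.com"}

# Characters that read alike are folded into one class (not exhaustive):
# 0/o and 1/i/l, so "gma1l" and "gmail" produce the same skeleton.
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(domain):
    """Collapse look-alike characters so visually similar names compare equal."""
    return domain.replace("rn", "m").translate(FOLD)


def extract_domain(value):
    """Return the lowercase host from an email address or a URL."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1]          # email address
    if "://" not in value:
        value = "//" + value                     # bare "host/path" form
    return urlsplit(value).hostname or ""


def classify(value, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain_or_None)."""
    host = extract_domain(value)
    # Naive registrable domain: last two labels (no Public Suffix List lookup).
    base = ".".join(host.split(".")[-2:])
    if base in trusted:
        return ("trusted", base)
    for good in sorted(trusted):
        if skeleton(base) == skeleton(good):
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed samples; the first two are the article's own examples.
    for sample in ("johndoe@gma1l.com", "0ffice.com/signin",
                   "https://login.microsoftonline.com/", "https://example.org/"):
        print(sample, "->", classify(sample))
```

A "trusted" verdict only means the domain itself is genuine. As Step 2 shows, a file hosted on a real SharePoint address can still carry a malicious link, so the other rules still apply.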
At Bit by Bit, we offer third-party cybersecurity IT solutions that prevent these types of scams, taking the burden of setting them up and keeping them running off of your business. Contact us at info@bitxbit.com for information about our support plans for Microsoft products.