Microsoft Office 365, a convenient, online version of the Microsoft Office suite, has recently become the target of a new, widespread attack designed to steal user/employee credentials and ultimately launch attacks from within an organization.
According to Barracuda Networks, Office 365 attacks are becoming commonplace very quickly, targeting employees from a wide range of companies or just personal users themselves. The attacks are carried out beginning with specially crafted spear phishing emails, which are difficult to detect as phony as there are no absurd requests, the grammar is perfect, and the email appears to be from Microsoft. Once a user/employee opens these emails, they may click a link in the text, which sends them to a legitimate looking page which prompts them to enter their credentials. If the user/employee enters their credentials, the attacker then gains access to the account, allowing them to do a multitude of things including monitoring communication of the user and possibly sending malicious documents or messages to coworkers to harvest their credentials as well. Some hackers refuse to just stop there and actually craft a malicious scam notifying the user of something “urgent”, which requires capital payment.
Microsoft Office 365, while relatively new, has a large and growing user base currently with 100 million users and counting, therefore this is a serious issue that must be attended to, as the attackers will only be coming up with more and more clever ways to achieve their ends.