Executives Using Office 365 Targeted by New Scam

Recently, cybercriminals instigated a high-end spear-phishing campaign targeting executive users of Office 365. The attack bypassed multi-factor authentication (MFA) through a Microsoft 365 security flaw (reference). 

The Microsoft 365 design flaw gave attackers unrestricted access to user accounts, allowing them to monitor email accounts. The goal of the monitoring was to identify when a substantial transaction was made and then initiate a fraudulent email requesting change of the destination bank account to the attacker’s account. Essentially, it was an email bank scam. 

Because of the widespread use of Microsoft 365, this scam is now also widespread, specifically targeting executives and large transactions of up to multiple millions of dollars each.

What did the fraudulent emails look like?

Fraudulent emails addressed the victim by name and requested wiring instructions. Remember: banks will never request wiring instructions via email. They request them over the phone. This is sign #1! The email also used the actual company’s name and bank name. While seemingly legitimate, emails regarding bank wiring instructions should also be confirmed via phone.

Nonetheless, this scam obviously works or it wouldn’t be so widespread. 

Tips for Avoiding the Office 365 Scam: 

1. Follow the SLAM method — more on that here. SLAM stands for sender, links, attachments, and messages. This method will ensure you recognize fraudulent emails before acting on them (i.e., clicking, downloading, or responding in any way).
2. Make sure employees aren’t misusing their corporate email. That is, business emails should only be used for business purposes. Generation Z members are specific offenders in this area. We talk more about this challenge and how to overcome it here. Using corporate email addresses for personal use opens email accounts to greater vulnerability and the chance of being victimized.
3. Be especially wary when it appears to come from Microsoft. In case you needed more convincing, a report found that 43% of phishing attacks impersonate Microsoft. 

Email security remains a hot topic, and email phishing campaigns show no sign of slowing. Historically, we know that email security is a necessary focus for organizations prioritizing cybersecurity. In 2020 alone, 39% of phishing attacks were successful, and in 2021, 75% of phishing threats were delivered via email. For 2022, we’re seeing similar trends and a growing necessity to prioritize email security.

If your organization is looking to organize your cybersecurity plan and focus, PK Tech can help. We service small to medium-sized businesses in the Greater Phoenix Area. No matter your industry, we can support your business. Get in touch with our team.