September 18, 2021

Volume XI, Number 261

Advertisement

September 17, 2021

Subscribe to Latest Legal News and Analysis

September 16, 2021

Subscribe to Latest Legal News and Analysis

September 15, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Microsoft Warns of Tricky O365 Phishing Attack

If you are an organization that uses Microsoft Office 365 as your email platform, be on the lookout for a new tricky phishing attack recently used by cybercriminals. Microsoft has issued an alert to its customers warning them of the new attack, which merits mention to your users.

The phishing scheme is designed to use convincing emails, a legitimate-looking SharePoint site, and “a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.”

According to the alert, “The original sender addresses contain variations of the word ‘referral’ and use various top-level domains, including the domain com[.]com, popularly used by phishing campaigns for spoofing and typo-squatting.”

The emails reportedly try to get users to believe they are being asked to join a secure SharePoint site by using SharePoint in the display name and poses as a site for bonuses, staff reports or other links that curious users may be duped into opening, which then navigates to the phishing page without the user’s knowledge.

Microsoft continues to urge O365 users to implement multi-factor authentication on all accounts. User education continues to be an important tool to combat successful phishing campaigns, and keeping users informed of the newest scams gives them the ability to protect company data.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 216
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement