Since Microsoft’s launch of Office 365 for businesses in 2011, this edition has grown to be the most attractive cloud service due to its competitive pricing. According to studies done by Skyhigh, there were 70 million active users with 1 out of every 5 corporate employees using an Office 365 cloud service as of June 2016. With both Federal and state governments taking advantage of Microsoft 365’s budget friendly pricing, security, and privacy, it has become a target for phishing attacks.
The new threat is referred to as the “Office 365 Account Compromise.” Using social engineering to find victims, scammers send an email claiming to be from Microsoft and notifying the user that their account has been suspended. The message then states that in order to take action, you must click on a link in the email. Once the user has clicked on the link, they are asked to provide their login credentials. If the user follows through, their account is compromised. This will only allow the criminals to gain access to the user's contacts, but also to confidential information about your company that could leave it susceptible to internal hacks.
So how do you know whether an email is real or a phishing attempt by scammers? First, always keep in mind that Microsoft does not suspension notices by email. Second, there are tell-tale signs of a fake email. Below are examples of how scammers can use social engineering to construct a phishing email that will help guide you if you are ever unsure about an email you receive:
For the original article, visit A Phishing Attack in the Clouds May Rain On Your Parade