EXECUTIVE SUMMARY:

Why do people keep falling for phishing scams?

Phishing feels like one of the oldest tricks in the book. What makes the technique so effective? As with the coronavirus, phishing scams keep mutating, and it’s the mutations that continually catch people off-guard.

People want to know how to stop phishing scams. One of the first-line defenses is to remain aware of emerging phishing campaigns. Here’s what to know about the latest O365 phishing threats.

O365 mail credential theft

A phishing campaign that leverages Google Firebase is able to bypass email security protections in the Office 365 platform. Emails designed to look like business invoices were sent to as many as 20,000 inboxes. The emails appear with the subject line “Transfer of Payment Notice for Invoice”, and include a malicious link for invoice download.

When a person clicks the malicious link, a series of redirects leads to a phishing page. The page looks normal enough; it is branded with the Microsoft Office logo and has other signs of potential credibility. In reality, the page harvests Microsoft log-in information and other personal details. The page requests so much information that hackers can easily use it to navigate around two-factor authentication or security questions.

In addition to using the credentials to access accounts, cyber criminals could also attempt “password spraying”. Because so many people reuse passwords across accounts, an O365 password is liable to unlock corporate accounts of other types. Lastly, hackers could potentially use a person’s workplace email account to connect with and trick an employee’s customers and partners.

If you receive an email like this, will you fall for it?

In the event that a boring-looking, but potentially malicious, invoice unexpectedly lands in your inbox, review the sender’s name, the sender’s email address, and the way in which the email is written. See any inconsistencies within the email? If so, there’s a chance that it may be fake.
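The same checks can be automated for a reporting mailbox. The sketch below is an added example, not code from the campaign report: it flags the subject line quoted above, a display name that does not match the sender's domain, and links to Firebase-hosted content. The Firebase hostnames, the brand words, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

CAMPAIGN_SUBJECT = "transfer of payment notice for invoice"  # subject quoted in the article
# Assumption: hostnames that serve Firebase content; the article does not list the ones used.
FIREBASE_HOSTS = ("firebasestorage.googleapis.com", "web.app", "firebaseapp.com")
# Assumption: brand words in a display name and the domains allowed to use them.
BRAND_WORDS = ("microsoft", "office 365")
BRAND_DOMAINS = ("microsoft.com",)

def under(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw_email):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = message_from_string(raw_email)
    findings = []
    if CAMPAIGN_SUBJECT in (msg.get("Subject") or "").lower():
        findings.append("subject matches the reported campaign")
    # Sender check: display name claims a brand the address domain does not belong to.
    display, addr = parseaddr(msg.get("From") or "")
    domain = addr.rpartition("@")[2].lower()
    if any(w in display.lower() for w in BRAND_WORDS) and not under(domain, BRAND_DOMAINS):
        findings.append(f"display name {display!r} does not match sender domain {domain}")
    # Link check: collect text parts, extract URLs, flag Firebase-hosted ones.
    text = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            text += data.decode(part.get_content_charset() or "utf-8", "replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = (urlparse(url).hostname or "").lower()
        if under(host, FIREBASE_HOSTS):
            findings.append(f"link points at Firebase-hosted content: {host}")
    return findings

# Constructed sample message (not taken from the campaign).
SAMPLE_EMAIL = """\
From: "Microsoft Office 365" <billing@invoices.example>
To: user@corp.example
Subject: Transfer of Payment Notice for Invoice 4471
Content-Type: text/plain; charset=utf-8

Your invoice is ready: https://firebasestorage.googleapis.com/v0/b/example-bucket/o/invoice.html?alt=media
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print("-", finding)
```

Firebase also hosts plenty of legitimate content, so a hit is a reason to look closer at the message, not a verdict on it.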

How can people stay safe from phishing threats?

  • Employ password management best practices.
  • Ensure that systems are patched as needed.
  • Implement advanced threat prevention technologies.
  • Report scam emails to your IT team.
  • Stay vigilant! Keep an eye out for phony-looking emails!
