In recent weeks our support and security teams have seen an increase in sophisticated (and tricky) phishing scams aimed at Office 365 users. These phishing emails are well disguised and often pass through spam filters undetected.
As recent as last week I received one of these messages in my inbox and decided to review the steps every user can take to defend their online identity from such an attempt.
First, it is important to understand what the malicious actors are after – which in most recent cases is your username and password. The credentials you use to sign-in to email, your computer, or another website are valuable to hackers and bad-actors looking to slowly siphon information and details from your everyday communications.
Second, with the large majority of email and file sharing now taking place on cloud services like Office 365 OneDrive or Dropbox, phishing emails will often imitate the ‘look & feel’ of these servers. Font, colors, and logos are all very easy to replicate and many of these phishing attacks have authentic looking websites setup to look just like your everyday Office 365 login.
Knowing what the malicious actors are after and how they disguise their tools is the first step of defense. The next step is awareness – not just a general overview – but rather a distinguished set of ‘features’ or ‘unique queues’ that force a user to take notice. The XPERTECHS Security Operations Center recommends the use of specific corporate branding, colors, fonts, and customized messages to help users distinguish between a fake and “the real thing”.
Below are some examples of a phishing message and how to spot a fake:
Example 1: Email Received from “Microsoft"
- Messages will often come from a legitimate address (this is usually an account that was compromised)
- Fake Logo or Font will be used to make the message appear legitimate
- A link or prompt for action (see next sreenshot for detail)
- A false greating or text to make the message look official
Example 2: Fake Office365 Login Screen
Aimed at convicing the user to enter their credentials, phishing emails are increasingly leading users to fake login websites that capture keystrokes of the user. Below is an example of a fake Office365 Login Screen.
- Legitimate sites have a URL that will always end with their company domain + “.com” Ignore anything before the “Microsoft.com”
- Most all legitimate sites have “HTTPS” – however it is possible for a fake site to have HTTPS. Be cautious and always look at the full URL.
Example 3: Legitimate Office 365 Site
Legitimate Microsoft sites will always have “HTTPS."
Legitimate sites will have one of the following domains:a
The Best Defense is Offense!
In summary, the best protection against phishing scams and social engineering attacks such as these is to be vigilant and proactive. The XPERTECHS Security Operations Center team has adopted several best practices for Office365 branding that provide immediate visual clues to users - helping them quickly distinguish a legitimate Office365 login site. Below are details of a custom Office365 login experience:
Login to Office365 via the web will always prompt a user with one of two screens:
Legacy Office365 Login Page
Modern Office365 Login Page
Once the user enters their email address (i.e. firstname.lastname@example.org) the page will immediately refresh with customized graphics and visual logos:
Legacy Office365 Login Page Features:
- Company Logo
- Custom Graphic
Modern Office365 Login Page Features:
- Company Logo
- Username with Picture (if user has uploaded)
- Custom Background Logo
Would You Like More Security Tips?
If you are looking to increase your network or Office 365 security, give us a call today at 410-884-0225. One of our security specialists will be happy to speak to you about your business!