Many organizations around the globe have turned to cloud-based productivity and workforce collaboration tools to support remote working. Unfortunately, these platforms, for example, Office 365, have become an easy target for hacking and email phishing.
Cloud-based workforce collaboration tools are targets for hacking and phishing attacks.Abnormal Security reported calendar phishing attacks aimed at Office 365 users. To learn about leveraging antivirus and data encryption tools, head on over to our comprehensive Cybersecurity section.Alternatively, visit the Security & Privacy for tips and guides to help optimize your on-premise or cloud-based system security.
Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
Click Start Scan to find Windows issues that could be causing PC problems.
Click Repair All to fix issues affecting your computer’s security and performance
Restoro has been downloaded by 0 readers this month.
The cybersecurity firm Abnormal Security recently uncovered how malicious players built an Office 365 phishing site targeting remote workers that use the platform. Today, the company exposes a similar attack that exploits calendar invites.
As always, phishing attackers impersonate credible authorities, such as your employer, bank, or the government, to gain your trust. If you’re an Office 365 user, they could target you via any app or resource available on the platform.
Office 365 users a target for credentials theft
In this case, the attacker poses as personnel from the Wells Fargo security company. If you’re a target, the impersonator sends you an email stating that you need to update your account’s security key.
They have one objective: to steal sensitive information from you.
Next, the attacker warns that you have to update to the new combination to keep your account active. Of course, they say that to create a sense of urgency and get you to follow through with their malicious plan.
Financial institutions are always common targets for attackers. Access to a user’s sensitive information would allow an attacker to commit identity theft as well as steal any money associated with the account.
So, now you have to read an email attachment and follow the provided instructions.
But this attachment is actually a calendar invite (.ics file).Usually, these files hold scheduling data for calendar events. As an Office 365 user, the calendar invite may not initially look strange.
Apart from that, the invite includes a SharePoint page, which has a link you have to click to secure your account. Clicking on the link takes you to a fake Wells Fargo site instead.
The phishing page captures your account numbers, username, password, pin, and other sensitive personal info.
While Office 365 has multiple built-in security features, these can’t always catch all the threats to your personal information. So, it’s always good to exercise discretion and consult with your internal IT security team before responding to emails requiring sensitive information.
Have you dealt with any Office 365 security incident amid the COVID-19 crisis? Feel free to share your experience in the comments section below.
If the advices above haven’t solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.
Still having issues? Fix them with this tool:
SPONSORED
- Cybersecurity
Email *
Commenting as . Not you?
Comment