Reports have emerged of a new phishing scam targeting Australian users of Microsoft Office 365 products, potentially crippling businesses during the busy pre-Christmas season.
It is understood that both individuals and businesses across the country have been targeted in recent days by an email purporting to be from Microsoft, which tells recipients to upgrade their accounts because of a lack of available storage space.
This is what the message looks like:
Don’t click on the above.
People who followed the above instructions were taken to a fake website, where the scammers obtained their log-in details. From there, either all hell breaks loose or the scammers start spying on your systems to work out how they are going to make money. They can be very patient, as the rewards can be very high.
Microsoft has been contacted for comment.
Responding to the Microsoft scam:
Steps businesses can take to boost detection and response capabilities:
- Share this email with your team.
- Practice: Just like fire drills, run regular drills to improve response times. Simulate breaches, conduct drills, or hire a penetration testing firm to attack you from outside.
- Be proactive: Being proactive with your security, rather than reactive, is the only way to safeguard your business.
- Regulate external access: Many breaches originate with third-party suppliers, partners, or cloud providers. Ensure that every entity connected to your network environment, without exception, adheres to your security policies. Also, set privilege, time, and location controls to make certain partners can access only prescribed systems and data.
- People/Customers/Suppliers wanting to share a file with you: Be wary of emails purporting to come from associated businesses that want you to share a file. Do not log in to, say, Dropbox with your Microsoft Office 365 user name and password.
Be very aware at all times.