If you feel that your internal staff is not up to date on the cybersecurity threats out there, partner with an IT support company like IT Solutions that can help fill in the gaps as needed. Likewise, another common scenario we've seen is that some organizations give administrative access to users that simply do not need it, which creates more opportunity for compromise.
Many network and email admins, especially in small businesses, were not properly trained to be IT Admins and possibly were placed into these positions because the company did not have a dedicated IT resource. And while we agree that most trained IT professionals know better, there are many situations where this phishing scam does in fact work. You may be saying to yourself that no IT admin would fall for these scams. The amount of damage that could be done with this level of access could be devastating. If the admin falls for this scam and enters their credentials in the page the hacker could gain access to the Office 365 admin portal. To make it more convincing, these phishing landing pages appear to be hosted on Azure using a security certificate from Microsoft as shown below. It then prompts the admin to "Investigate" the issue by logging in.Īs expected, when the link is clicked in these emails the user is brought to a fake landing page, asking them to enter their Microsoft login credentials. Using Azure and a domain attempts to add legitimacy and disguise the attack. The email then proceeds to tell the user to login to the Office 365 Admin Center in order to check their payment information.Īnother recent Office 365 phishing email targeting administrators sends an alert that someone has gained access to one of their user's email accounts. These email alerts are typically about time-sensitive issues that require immediate attention, such as an issue with the mail service or the discovery of an unauthorized user.Ī recent example of an Office 365 admin alert mentions that your company's licensing has expired. In an attempt to gain access into your Office 365 admin portal, phishers are now sending fake O365 alerts to IT professionals. JEdited on AugOffice 365 Admin User Phishing ThreatsĬompromising an employee's email account can be a win for any hacker, but gaining access to a domain administrator's account is like getting the keys to the castle.
0 kommentar(er)
