New Twist on an Office 365 Phishing Scam

PHISHING WITH OFFICE 365 SPOOFS

You are probably familiar with the phishing scams that attempt to get you to share your Office 365 password with the criminals, via a fake Office 365 logon page. Well, there is a new twist you need to make everyone aware of in your organization.

The lure used in this new phishing scam is nothing new: typical social engineering that tries to get you to do something you should not do. What is unique is the method used to gain access to your Office 365 organization. Below we explain how the criminals are trying to get access to your information through Office 365.


This is the screen you will see when asked to login to Microsoft Office 365.

SPOT A SCAM

As with many of these scams, you’ll be presented with an Office 365 logon page like the one shown (right). The difference here is that it is the real Microsoft Office 365 logon page, not a fake one:


[Image: Bad Permission Request]

After you log in, or if you were already logged into Office 365 (many people stay logged in), you’ll then see this permissions request pop up (image left). THIS IS THE BAD GUYS asking you to allow them access to everything in your Office 365 account!!!

STAY ALERT

Careful attention to what you are being asked to grant access to should set off alarm bells. This permissions prompt is a real Office 365 function with legitimate uses, but if it appears while you are casually checking email, stop what you are doing immediately and alert your cybersecurity team or IT department. The technique abuses the add-ins feature of Office 365.
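For the security or IT team that gets that alert, the follow-up question is which apps users have already granted this kind of access to. The script below is an added example, not part of the original post: it lists the tenant's delegated permission grants with the Microsoft Graph PowerShell SDK and flags any app holding broad mailbox or file scopes. It assumes the Microsoft.Graph module is installed, the signed-in account has Directory.Read.All, and the $broadScopes watchlist is a constructed starting point to adjust for your tenant.

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph
# PowerShell SDK and an account with Directory.Read.All.
Connect-MgGraph -Scopes "Directory.Read.All"

# Constructed watchlist: delegated scopes that give an app wide reach over a
# user's mail, files and contacts, plus offline_access (a long-lived refresh token).
$broadScopes = @(
    "Mail.Read", "Mail.ReadWrite", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All", "Contacts.Read", "offline_access"
)

# Every delegated OAuth2 grant in the tenant; Scope is a space-separated string.
$grants = Get-MgOauth2PermissionGrant -All

foreach ($grant in $grants) {
    $requested = $grant.Scope -split ' ' | Where-Object { $_ }
    $hits = $requested | Where-Object { $broadScopes -contains $_ }
    if (-not $hits) { continue }

    # Resolve the client service principal so the report shows the app's name.
    $app = Get-MgServicePrincipal -ServicePrincipalId $grant.ClientId

    [pscustomobject]@{
        App         = $app.DisplayName
        AppId       = $app.AppId
        # 'Principal' means one user consented for themselves, which is exactly
        # the prompt described above; 'AllPrincipals' is an admin-wide grant.
        ConsentType = $grant.ConsentType
        UserId      = $grant.PrincipalId
        BroadScopes = ($hits -join ' ')
    }
}
```

Review any 'Principal' grant to an app nobody in the organisation recognises, and revoke it from the Enterprise applications blade rather than only warning the user.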

Currently, this phishing exploit appears to arrive via spoofed sender emails with OneDrive attachments, but there is no reason the delivery method won’t change to other techniques eventually. The emails look like traditional phishing emails, usually from a spoofed sender. Some email filters will probably catch them before anyone receives them, and security-aware people who know how to spot phishing messages probably won’t fall for this one if they stay alert!