AE Blog - Cyber Security Notification to Office 365 (Outlook) Users
Coalition, one of our Cyber Liability Insurance carriers, recently identified and alerted its policyholders to a known Office 365 vulnerability.
The alert advises of an ongoing, large-scale phishing campaign targeting Office 365 users. If Office 365 (Outlook) is your email provider, your firm is at risk of being targeted by these phishing scams.
The phishing emails appear to be from “The Office 365 Team” and falsely claim that “A medium-severity alert has been triggered” because of an “Unusual volume of file deletion”. Recipients are prompted to view the alert details, which takes them to a legitimate-looking, but fake, Office 365 login page that is used to steal usernames and passwords.
Phishing Email Example
RECOMMENDED ACTION FOR OFFICE 365 USERS
Notify & Train Employees: Awareness is key. Alert your employees to this targeted phishing attack and train them on how to spot a phishing attempt.
Notify IT Department: Contact your IT department if you think you have been affected.
Implement Two-Factor Authentication: Implementing Two-Factor Authentication (2FA) on company emails and critical systems is recommended. The links below provide more information on what 2FA is and how to set it up. There is no cost to implement this feature for Office 365.
How do I enable 2FA in Office 365?