
New Microsoft Office 365 phishing attack


Phishing is known as one of the initial steps in the cyber kill chain. COVID-19 made employees at different levels and organizations work from home, which expanded the landscape for new cyber attacks. One of them is a new phishing attack on Microsoft Office 365 targeting the financial sector.

It has been noted that attackers target C-level executives to harvest their Office 365 credentials. A successful attack could give an opportunity to launch further business email compromise attacks (2021, threatpost.com).

Researchers say most of the successful attacks aim to compromise financial departments. The first attacks were intercepted in December (2021, area1security.com).

What could an attacker do with access to financial departments?

Financial departments hold sensitive information such as employees' personal details, billing information, etc. If the attacker manages to obtain it, the reputation and financial position of the organization will be affected, as forged invoices from legitimate email addresses could be sent to employees and partners (2021, area1security.com).

What could we do to minimize the risk?

This phishing attack can be tackled, like most other phishing attacks, by following basic cybersecurity practices. All employees should regularly attend basic cybersecurity training, which could give them a fundamental knowledge of the most common cyber attacks and how to protect themselves and their employer.

Recommendation from the Tactic Lab Team

Next time you receive an email that requires you to provide any sensitive information or download anything, it is best to verify the authenticity of the email via another channel.