Office 365 Phishing Campaign Targets Admin Credentials

PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign.

In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and its Office 365 brand but was sent from multiple validated domains not belonging to Microsoft (an educational institution, for example). If the victim clicked the link, they were presented with a spoofed login page for Office 365.
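A detection check for the mismatch described above, as an added example that is not from PhishLabs or the original article: it flags mail whose display name claims the Microsoft brand while the sending domain is not Microsoft's, even when the message passes sender authentication. It assumes "validated" means the mail passed SPF/DKIM, and the domain allowlist, the `classify` helper and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organisation accepts as genuine Microsoft senders.
MICROSOFT_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com"}
BRAND_RE = re.compile(r"microsoft|office\s*365|o365", re.I)
AUTH_PASS_RE = re.compile(r"\b(spf|dkim|dmarc)=pass\b", re.I)


def is_microsoft_domain(domain):
    """True for an allowlisted domain or any subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in MICROSOFT_DOMAINS)


def classify(raw_message):
    """Return 'ok' or a brand-mismatch verdict for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    # Only the display name is checked; subjects mention the brand too often.
    if not BRAND_RE.search(display) or is_microsoft_domain(domain):
        return "ok"
    # A passing result only proves the mail came from `domain`, not from Microsoft.
    results = msg.get_all("Authentication-Results", [])
    if any(AUTH_PASS_RE.search(value) for value in results):
        return "brand-mismatch-authenticated"
    return "brand-mismatch-unauthenticated"


# Constructed sample: brand in the display name, authenticated third-party sender.
SAMPLE_LURE = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.edu;\n"
    " dkim=pass header.d=example.edu\n"
    'From: "Microsoft Office 365" <it-notify@example.edu>\n'
    "Subject: Office 365 account notice\n\nConstructed body.\n"
)
# Constructed sample: same display name, sender domain on the allowlist.
SAMPLE_GENUINE = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=microsoft.com\n"
    'From: "Microsoft Office 365" <no-reply@microsoft.com>\n'
    "Subject: Service update\n\nConstructed body.\n"
)
# Constructed sample: ordinary mail from the same third-party domain.
SAMPLE_UNRELATED = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.edu\n"
    'From: "Campus News" <news@example.edu>\n'
    "Subject: Term dates\n\nConstructed body.\n"
)

if __name__ == "__main__":
    for name in ("SAMPLE_LURE", "SAMPLE_GENUINE", "SAMPLE_UNRELATED"):
        print(name, classify(globals()[name]))
```

The authenticated verdict is the case this campaign produces: a gateway that trusts SPF/DKIM results alone would pass the first sample.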

Administrators often have privileges on other systems within an organisation, potentially allowing further compromises.

Expert Comments

November 18, 2019
Javvad Malik
Security Awareness Advocate
KnowBe4
We continue to see phishing emails against cloud emails continue to grow with more innovative ways and techniques. The big challenge with these attacks is due to the changing domains, the nature of wording and even the hiding of malicious pages behind captchas makes it extremely difficult, if not impossible, for technological offerings such as email gateways to effectively protect against. Therefore, user awareness and training will remain the most effective and important step in protecting enterprises against such phishing attacks. Other controls that can help minimise the impact of compromised credentials include multi-factor authentication, and having good monitoring controls in place that can detect and raise alerts wherever suspicious activity is detected.
November 18, 2019
Stuart Sharp
VP of Solution Engineering
OneLogin
While a creative campaign, this type of attack is nothing new. Organisations are able to protect against attacks like these by enforcing multi-factor authentication (MFA) within their corporate environments. Administrative accounts should be protected using strong MFA, such as hardware tokens or on-device biometrics, to protect against more sophisticated OTP attacks. These solutions are currently the best methods by which organisations can protect themselves from such attacks, with MFA proven to prevent 99.9% of account takeovers.