Recent Office 365 Password Stealing Scams

We are seeing an increased number of email scams over the past few weeks, many of them focused on stealing Office 365 passwords.

As was recently noted in a Barracuda blog post, “There is a booming black market for stolen passwords within criminal communities, making malware that obtains these passwords profitable to distribute.”

Tens of millions of people have been affected by these phishing emails. Companies that are impacted can incur major security risks and/or financial damage.

As a bit of background, these recent email scams send counterfeit messages that appear to come from reliable sources, with the aim of tricking users into supplying their Office 365 credentials for malicious use. A couple of specific recent Office 365 password scams are:

  • IRS phishing attacks – The aim is to dupe users and steal their passwords by disguising malicious emails as tax-related notifications from the IRS.
    • This includes warnings like “We are apprising you upon the arisen tax arrears in the number of 2300CAD.” Word and Excel files such as “taxletter.doc” may be attached. With tax day around the corner, your team is susceptible.
  • Change your password – Team members receive a request, apparently from the system admin, to change their Office 365 password.
    • The link leads the user to a page that asks for the existing password first, which gives the fraudster access to your network.
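As an added illustration (not code from the original post or from KnowBe4/Microsoft), the check below scores a message for the warning signs described in the two lures above: a lure subject, a display name posing as the IRS or the admin team whose address is not on the expected domain, an Office attachment, and a link that does not go to a Microsoft sign-in host. The sample messages are constructed; `OUR_DOMAIN` and `TRUSTED_LINK_DOMAINS` are assumptions you would adapt to your tenant.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

OUR_DOMAIN = "example.com"  # assumption: the tenant's own mail domain
TRUSTED_LINK_DOMAINS = {"login.microsoftonline.com", "portal.office.com"}  # assumption
LURE_SUBJECT = re.compile(r"tax arrears|change your\b.*\bpassword", re.I)
RISKY_EXT = (".doc", ".docm", ".xls", ".xlsm")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def triage(raw):
    """Return the phishing indicators found in one RFC 5322 message (empty if none)."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if LURE_SUBJECT.search(msg.get("Subject", "")):
        findings.append("lure-subject")
    # Display name poses as the IRS or the admin team, but the address domain does not match.
    if (re.search(r"\b(irs|admin|it support)\b", name, re.I)
            and sender_domain not in {"irs.gov", OUR_DOMAIN}):
        findings.append("display-name-mismatch")
    for part in msg.walk():
        fname = part.get_filename() or ""
        if fname.lower().endswith(RISKY_EXT):
            findings.append("office-attachment:" + fname)
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode(errors="replace")
            for url in URL_RE.findall(body):
                host = (urlparse(url).hostname or "").lower()
                if host not in TRUSTED_LINK_DOMAINS:
                    findings.append("external-link:" + host)
    return findings

# Constructed samples modelled on the two lures described above (not real messages).
IRS_LURE = """From: "IRS Notice" <notices@irs-tax-support.example>
Subject: Tax arrears notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

We are apprising you upon the arisen tax arrears in the number of 2300CAD.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="taxletter.doc"

ZmFrZQ==
--b1--
"""
PASSWORD_LURE = """From: "IT Support" <admin@o365-secure-reset.example>
Subject: Action required: change your Office 365 password
Content-Type: text/plain

Enter your current password at https://o365-secure-reset.example/login to continue.
"""
if __name__ == "__main__":
    for label, raw in (("irs", IRS_LURE), ("password", PASSWORD_LURE)):
        print(label, triage(raw))
```

A message from the admin team on your own domain that links only to a Microsoft sign-in host returns no findings, so the check separates the lures from routine notices rather than flagging every password email.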

With the Office 365 credentials in hand, the scammers can damage your organization by accessing confidential information. They can also search and forward the victim's email to find other account user names, communications, and email addresses, and then generate more malicious emails to impact additional users. If someone with Office 365 administrative privileges is compromised, the entire Office 365 account can be at risk.

Although you may have critical security layers in place such as spam filters, firewalls, and strong passwords, it is just as important to have Office 365-specific protection and educational programs in place so that employees know the types of email scams to expect.


Thinking Beyond Standard Protection

To help prevent Office 365 scams, you should have educational programs as well as additional Office 365 controls in place. This includes configurations within Office 365 such as Advanced Threat Protection (ATP), which safeguards your organization against malicious threats posed by email messages, links, and collaboration tools. ATP includes:

  • Threat protection policies: Define threat-protection policies to set the appropriate level of protection for your organization.
  • Reports: View real-time reports to monitor ATP performance in your organization.
  • Threat investigation and response capabilities: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
  • Automated investigation and response capabilities: Save time and effort investigating and mitigating threats.

Regarding education, the most important aspect is to help employees become aware of what to look for and what not to trust. As part of our service, we have partnered with KnowBe4 to provide our clients with a comprehensive approach that integrates baseline testing using mock attacks, engaging interactive web-based training, and continuous assessment.

We wanted to share this with you as a caution for your organization. To learn more, you can download and read our recently published white paper on the topic of phishing schemes like these.

We would love to continue the conversation on this topic. If you would like to set up a 1:1 security review session, please feel free to contact me.


Dan Grady (here’s my LinkedIn)