We have recently become aware of an increase in the number of severe “phishing” attacks on customers using Office 365.
Emails are being sent to users where the content often highlights an ‘issue’ with the system or emails not getting through and presents itself to be an official email from Microsoft.
On the face of it, the emails appear to be genuine and invite the user to click on a link directing them to input log in details in order for the ‘issue to be corrected.’
This link is however fraudulent in nature, leading to external hackers being able to obtain critical credentials allowing them to gain access to each inbox and obtaining sensitive data relating to bank details, online accounts and so on.
The most common means of malware infiltrating a network is through email, because once the email corresponds with a degree of trust, it is easy for a user to click on a suspicious link and whilst there is ultimately no 100% method of protection, adopting a belts and braces approach to security and regular training of colleagues is vital to protect the network from exposure.
Multi Factor Authentication is an additional notification sent to a mobile phone via text or a phone call to provide the user with a unique code. This uniquely generated code is then required to gain access to Office 365. If someone is trying to maliciously gain access to an account, the user will be alerted because Multi Factor Authentication has been activated.
It can used for a variety of other accounts including social media platforms, eBay and so on.
“We are now urging customers to adopt Multi Factor Authentication using the Microsoft Authenticator Mobile App”
This prevents any payment being made that relates to a bogus invoice. In this sense if somebody were to compromise your systems and request funds to be paid against an unknowingly bogus invoice then your finance team would recognise that it did not correspond to a Purchase Order number and hopefully raise a “red flag” against it.
If a user’s credentials have been stolen, then they normally become available on the Dark Web. Fifteen Group have recently partnered with an external company, ID Agent, who offer Dark Web Monitoring for domain names. This service provides a daily scan of the Dark Web for any compromised user credentials that may be for sale there where we are able to provide an initial free report on request and then for a small monthly fee we’re able to set up your domain name on the monitoring tool for daily checks.
We have found in approximately 80% of the scans that we have completed so far that users have been unknowingly compromised in the most unexpected of places.
75% of all breaches onto your network will occur via your users and investing in continuous training for them to be able to easily identify potential threats is therefore a useful and recommended exercise. As part of the Dark Web Monitoring tool, ID Agent, will also provide you with ongoing dummy “phishing” attempts to be able to identify which users within your business are the ones likely to click on a link. With this information we can then tailor specific training for those users to assist them in learning how to identify threats.
As a final recommendation we would recommend that you invest in Cyber Insurance through your insurance broker. It’s an invaluable aspect of business cover.
The ultimate responsibility for protecting data always lies with individual business owners.
We’re here to support and advise you on creating the strongest defence.
Contact us today and make cyber security a priority.
