The IT Company Blog - The IT Company

Office 365 Targeted by Cybercriminals

Written by Macy Brink | Sep 24, 2019 6:44:08 PM

Office 365 is a top priority for cybercriminals to gain access to.

We will keep this blog short and to the point. We may sound like a broken record, but The IT Company cannot emphasize the importance of educating your employees through Security Awareness Training enough.

Today we especially want to emphasize this need for users tied to Microsoft.

At The IT Company, Microsoft tools such as Teams, OneDrive, OneNote, etc. are products we find extremely beneficial and strong tools for your company. So it comes as no surprise to us that criminals are specifically attempting to target Office 365.

By gaining access to your Office 365 account, they gain the ability to send malicious messages to other employees or outside users, steal data and credentials within Office 365, or access other applications that have banking credentials which enables them to commit fraud.

KnowBe4 summed it up best when they stated inna recent article, “The list is only as limited as the creativity of the cybercriminal.”

By gaining access to your credentials, the doors for cybercriminals to be creative in what they can do from there, open.

Nuspire, a Managed Security Service Provider recently reported that the reports of PDF Phishing Attacks have risen 193% in just one quarter. Using fake email address that often appear as “support@”the attackers are able to target more than one specific user by appearing as an email address that more than one user typically has access to.

Within these fake emails, the user is prompted to review a PDF file located through Microsft’s OneDrive. Once the user opens the PDF file they are taken to a very authentic login page requesting the users Office 365 credentials.

Simple as that, now the criminal has access to your Office 365.

If you are an Office 365 user, it is imperative that you take this seriously. By no means should this information steer you away from using the strong assets of Office 365. Office 365 is being targeted because of how beneficial it is to so many companies. What this information should do, is cause you to take a step back and recognize if your employees are equipped enough to recognize suspicious activity.

Your best defense as an Office 365 user is to train your employees through Security Awareness Training and arm them against cybersecurity attacks.

At The IT Company, Security Awareness Training is important to us and to the protection of our customers. Don’t wait until it is too late, schedule a meeting with us today to learn more about Security Awareness Training.