The announcement comes as part of Cybersecurity Awareness Month, highlighting the ongoing risks posed by phishing attacks .
The emails come from "organizational domains impersonating legitimate administrators," making them appear as if they came from an internal administrator, colleague, or business partner. The fake emails link to legitimate Microsoft or Bing pages, making it difficult for even security-conscious employees scanning for suspicious URLs to detect the scam.
Check Point noted that logging in to a fake email — thereby giving the attacker your login information — can "lead to email account takeover, ransomware, information theft or other negative outcomes." The team did not provide any information about whether the attackers had succeeded in exploiting anyone so far.
In 2023, Check Point found Microsoft was the most-spoofed brand in phishing scams. The other companies featured most often in spoofing campaigns were Google, Apple, Wells Fargo, and Amazon.
SEE: Educators may be an underserved community when it comes to cybersecurity training , despite the number of cyberattacks that target schools.
Employees should feel empowered to personally reach out to administrators and colleagues whenever they suspect an email might not be legitimate. If you're not expecting a request to share a folder or collaborate through business software, verify the email directly with that person before engaging.
Individuals should also look for misspellings or clunky language. However, the scheme Check Point detected gets around this by copy and pasting real Microsoft privacy policy statements.
The old belief that sketchy emails always contain errors isn't necessarily true any more. Attackers are aware of this expectation and often use correct grammar to make their phishing attempts more convincing. Plus, generative AI makes creating grammatically correct emails simple and fast.
Be your company's Microsoft insider by reading these Windows and Office tips, tricks, and cheat sheets. Delivered Mondays and Wednesdays
No comments:
Post a Comment