We are receiving reports of targeted attacks against Office 365 users.
The attack starts with a phishing email to an end user, telling them that their account has been compromised and that they should click on a link to fix the issue. This is a fake link that takes you to a website that looks like an Office 365 login page – it’s not! If you enter your username and password into this site, you are giving the hackers what they want – a way in.
The next thing the hacker does is take that username and password and log into your account (having two-factor authentication on your account will stop this, but they will still have your password). They can now send emails around your business that come from your verified account, spreading the attack. In some cases the attackers also set up forwarding on your email account so that they can see all the emails sent to you and spread the problem even further.
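Forwarding set up this way can be spotted by reviewing audit records of inbox-rule and mailbox changes. The following Python script is an added example, not part of the original advisory: it flags changes that forward mail outside the organisation. The record layout, the `contoso.example` domain and every sample record are constructed assumptions.

```python
import json

# Constructed sample records (one JSON object per line). The layout is a
# simplified assumption modelled on Exchange cmdlet audit entries.
SAMPLE_LOG = """
{"UserId":"alice@contoso.example","Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"drop@mail.example.net"}]}
{"UserId":"bob@contoso.example","Operation":"New-InboxRule","Parameters":[{"Name":"ForwardTo","Value":"carol@contoso.example"}]}
{"UserId":"alice@contoso.example","Operation":"Set-Mailbox","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:archive@mail.example.net"}]}
{"UserId":"dave@contoso.example","Operation":"MailItemsAccessed","Parameters":[]}
this line is truncated {"UserId":
"""

OWN_DOMAINS = {"contoso.example"}  # assumption: the organisation's mail domains
WATCHED_OPS = {"new-inboxrule", "set-inboxrule", "set-mailbox"}
FORWARD_PARAMS = {"forwardto", "forwardasattachmentto", "redirectto",
                  "forwardingsmtpaddress"}


def external_addresses(value, own_domains):
    """Return the addresses in a parameter value whose domain is not ours."""
    found = []
    for part in value.replace(",", ";").split(";"):
        addr = part.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        if "@" in addr and addr.rsplit("@", 1)[1] not in own_domains:
            found.append(addr)
    return found


def find_external_forwarding(log_text, own_domains=OWN_DOMAINS):
    """Return (user, operation, address) for each external forwarding target."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines
        if not isinstance(rec, dict) or rec.get("Operation", "").lower() not in WATCHED_OPS:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name", "").lower() in FORWARD_PARAMS:
                for addr in external_addresses(str(param.get("Value", "")), own_domains):
                    findings.append((rec.get("UserId"), rec["Operation"], addr))
    return findings


if __name__ == "__main__":
    for user, operation, addr in find_external_forwarding(SAMPLE_LOG):
        print(f"{user}: {operation} forwards to external address {addr}")
```

Forwarding to an internal colleague (the second sample record) is deliberately not flagged; only targets outside `OWN_DOMAINS` are reported.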
We recommend that two-factor authentication is turned on for your accounts, that additional security is added (such as Advanced Threat Protection from Microsoft), and that regular security awareness training is given to all of your users.