Watch Out For the Office 365 Phishing Campaign

Sophisticated phishing attacks target Office 365 users

Police Service Northern Ireland (PSNI) is warning businesses to be cautious in light of recent Office 365 phishing incidents in Northern Ireland.

A phishing campaign currently in circulation involves the use of a spoofed email claiming your Office 365 account is out of storage and asking you to review your settings.

If you click on the link within this email, you will be sent to a fake sign-in page of Microsoft Outlook Web Access, where scammers will attempt to steal your login credentials. By capturing your username and password, the criminals will be able to take over your account, which may lead to loss of funds or damage your business’ reputation.

The PSNI warns that the attackers have been setting the forwarding rules on compromised accounts to forward the users’ emails to unauthorised Gmail accounts. This allows the criminals to spy on the account communications both internally and outside the organisation, which can give them advantage for future attacks or allow them to collect sensitive business information.

The attackers may be targeting key personnel with the tactically sent phishing emails.

How to prevent phishing attacks in Office 365?
The PSNI advises businesses to be vigilant and check the legitimacy of any emails they receive. You should also:

  • enable two-factor authentication (2FA) on your most important accounts, such as banking an email
  • ensure that your firewall and anti-virus software is up-to-date
  • perform regular virus and malware scans
  • work with your system administrators to set adequate filters to block malicious file attachments reaching your mailboxes

If your Office 365 account has been compromised, or you have clicked on any suspicious links, seek professional advice from a reputable company.

Learn more about phishing scams and how to protect your business against phishing.