Post #4 in threat types
Abusing Microsoft’s branding is one more dirty trick in the hackers’ toolbox.
By “branding,” we mean the look and style of Microsoft products. Hackers are creating fake Microsoft login screens using official logos, text, etc.
If you are busy at your job, and a Microsoft Windows screen pops up and asks you to do something, wouldn’t you cooperate? Of course; crooks know you are busy.
By now, the hackers’ motives are known to all of us; stealing other peoples’ stuff. They will take your information, your money, and your peace of mind. Here is what you can do.
How to stop fake Office 365 login screens
Use the Office 365 “multi-factor” authentication tool. In addition to your login, this tool requires you to access a mobile app or text message to prove your identity. Yes this adds login steps, but also it reduces the chances that a crook can get into your private materials.
Spread the word: Everyone be careful on the web and using email. If you are not certain about an attachment or link, assume the worst until your security procedures provide a green light. Do not provide personal or financial information unless 100% confident of your safety. Make sure everyone has contact information for cyber-emergencies.
While Office 365 is a more recent target, similar scams regularly impact other email applications and platforms. Always be cautious when opening unexpected emails, or coming from unfamiliar people, and containing links or attachments you did not request. Take advantage of added security measures offered by your email provider.
Use complex passwords at least eight (8) characters long, use uppercase and lowercase letters, use special characters and make sure you don’t reuse the same password over and over again. It is extra work, but preferable to getting ripped off. Change your password regularly.
Identifying if crooks are already inside
If any of the following has recently occurred, you may already have a problem. Have you or anyone nearby seen email like the following…
Dear user: marketing
Your request on 6/18/2019 8:40:03 a.m. to remove your email from the server is approved.
Are you sure you want to terminate our service?
Ignore to continue with removal in exactly one(1) hour after you read this notice or CANCEL THIS REQUEST NOW
If anyone clicks “CANCEL THIS REQUEST NOW” link, they will then see a fake “Microsoft Office Support | Account Update” page with instructions to sign in to cancel the request. This document is actually a survey built in Excel Online.
Variations on pretending to be real
Some of the more clever scammers may host their fake material on live.com, where the site is secured with a certificate signed by Microsoft. Obviously, that just increases the odds that everything looks legit.
Once the victim has turned over their username/password, they will see a thank-you, followed by a notice that their “response was received.” The hackers can then harvest the login whenever they like.
Clues of a crime
- Providing email login credentials in response to suspicious email
- Not receiving new emails you are expecting
- Emails in your sent folder that you did not send
- An Out of Office message turned on that you did not set up
Office 365 recommends taking the following preventative measures to protect yourself:
Reset your user username and password
- Disable forwarding rules or rules that move messages to the deleted/trash folder
- Enable auditing on the mailbox
- Screen your computer and network for malware
Also recommended: Contact any of your email contacts via phone or a safe email address to inform them that your email account has been compromised. Let them know they may receive fake emails appearing to be sent by you.
If you think you may have been targeted by this scam, quickly contact a reputable support professional or contact your email provider.
If you get burned
Getting tricked by a professional criminal does not make you stupid. This scam and others often imitate the ‘look & feel’ of real software and servers. The font family, colors, and logos are all easy to copy and many of these attacks have authentic-looking websites set up to imitate the Office 365 login. Be patient and methodical; ask for help.
More suspicious stuff to look for:
- A link or prompt for action on your part
- Microsoft links that start with “HTTP:” instead of “HTTPS:” Notice the “S”?
- Email addresses from non-business private services like gmail.com or yahoo.net
Top image by B_A from Pixabay