Advanced Phishing has made Multi-Factor Authentication essential in 2020

by Ed Sparks

One of the biggest trends we’ve noticed this year — particularly with so many company employees now working from home in unprotected network environments — is the rise in sophistication and targeting of phishing scams.

We recently came across the following post on The Startup blog titled Phishing with Worms — The Greatest Password Theft I’ve Ever Seen.

“A typical phishing email comes from an email address you’ve never seen before. Granted, it might be similar to a real address you’d expect to see such as rnicrosoft.com instead of microsoft.com, but it’s rare for an address you trust to send you anything suspicious. When someone you know does send you something suspicious it’s usually rather obvious. When it happens we contact them directly to let them know there’s a problem. ‘Looks like you’ve been hacked, mate.’ We don’t fall for the scam.

In this attack, however, all of the phishing links were sent as replies to emails in the compromised account’s mailbox. This gave every email an inherited sense of trust. ‘You asked for this thing, here it is: link to phishing page’. When I realised what was happening, I was in awe. Whether done by deliberate design or not, the outcome was incredible. The conversion rates on these emails would make even the greatest of email marketers envious!”

The rest of the article is a fascinating read, and a reminder that every organization must fully and widely deploy MFA as soon as possible.

We’re experts in Azure and Microsoft 365 security and compliance and would love to help you on your journey to secure your organization.

Contact us today.