Office 365 Admins are Being Targeted in a New Phishing Campaign

July 23, 2019

Access to any email account can lead to a payday for cyber criminals. But not all email accounts are created equal. Domain Administrator accounts have high levels of access and are becoming specific targets of phishers.

Admins make great targets because of what can be accomplished if an attacker gains access to one of these accounts. Office 365 admins can change passwords, create new accounts, read other users' emails and even send email as any member of the organization.

Phishers have recently started rolling out targeted campaigns to steal admin credentials. These campaigns use fraudulent, but convincing, Office 365 admin alert emails. Office 365 admins routinely receive legitimate alerts about events such as unauthorized access or disrupted email service. Because the fake emails look so much like the real thing, some admins are falling prey and handing their credentials to attackers, opening a serious security hole.

Above is an example of one of the fake emails used in this campaign. The email claims that someone has gained access to one of the accounts in the environment. It appears to come from a legitimate Office 365 address, but the sender address can be spoofed to make the message look more convincing. It then asks you to "investigate" the issue. When you click the "investigate" button, you are taken to a familiar-looking Office 365 sign-in page, as seen below.

The URL of the site above shows that it is not hosted by Microsoft or Office. The attackers are counting on you not checking the site address and simply logging in as usual. These sites record the username and password entered and then redirect you to a legitimate Microsoft page to further the ruse. Once they have admin access, the attackers can do serious damage.
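The address check described above can be automated for links pulled out of an alert email. The following is an added example, not code from the original post: it extracts the links from a constructed alert email and accepts only links whose exact host is on a small allowlist of Microsoft sign-in hosts (the allowlist itself is an assumption to be maintained for your own tenant), so that a trusted name used as a prefix of a longer host, or hidden in the userinfo part of the URL, is still flagged.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of legitimate Microsoft sign-in hosts; maintain this for your tenant.
TRUSTED_SIGNIN_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
    "portal.office.com",
}

# Constructed sample of the kind of alert email the post describes (not a real sample).
SAMPLE_ALERT_HTML = """
<p>Someone has gained access to one of the accounts in your environment.</p>
<a href="https://login.microsoftonline.com.account-verify.example/common/oauth2">Investigate</a>
<a href="https://login.microsoftonline.com@account-verify.example/">Investigate</a>
<a href="https://login.microsoftonline.com/common/oauth2/authorize">Investigate</a>
"""


def signin_link_verdict(url: str) -> str:
    """Classify one sign-in link as 'trusted' or 'suspicious'.

    Only the exact registered host counts. A trusted name appearing as a
    prefix of a longer host ("login.microsoftonline.com.example.net"), in
    the userinfo part ("https://login.microsoftonline.com@evil.example/"),
    or anywhere in the path or query does not make the link trusted.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return "suspicious"  # a real credential page is never served over plain HTTP
    if parts.username is not None:
        return "suspicious"  # userinfo is a classic way to hide the real host
    host = (parts.hostname or "").lower().rstrip(".")
    return "trusted" if host in TRUSTED_SIGNIN_HOSTS else "suspicious"


def triage_email_links(html: str) -> dict:
    """Return {url: verdict} for every href found in an email body."""
    return {url: signin_link_verdict(url) for url in re.findall(r'href="([^"]+)"', html)}


if __name__ == "__main__":
    for link, verdict in triage_email_links(SAMPLE_ALERT_HTML).items():
        print(f"{verdict:10s} {link}")
```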

As an Office 365 admin, it is crucial to scrutinize every email and link that arrives in your inbox, especially those that ask or prompt for credentials. In addition to being critical of the emails you receive, you can take extra steps to protect your Office 365 account: complex passwords, frequently changing passwords and setting up two-factor authentication can all bolster your Office 365 security.