Story image

Another Office 365 phishing scam hits NZ businesses

20 Sep 17

CERT NZ has received reports of another Office 365 phishing scam that harvests credentials and sends the same email to all contacts in a victim’s address book.

The scam is making the rounds across many New Zealand businesses, CERT says.

The phishing email claims that someone wants to share a large file or photos. The file is downloadable through a link that looks like a genuine Office 365 login website.

The website asks users for their username and password. If they do so, the scammer then sends the same phishing email to all email contacts.

CERT NZ is warning businesses to be cautious of emails that ask to share a large file or photo, and often look like they come from someone who knows them.

In a recent blog, Microsoft revealed that it is using the genuine Office 365 tool to help detect, prevent and respond to threats.

Office 365 services such as Exchange Online Protection (EOP) and Advanced Threat Protection (ATP) work alongside other Microsoft technologies such as Windows Defender.

“Although phishing tricks and tactics never cease, awareness and antiphishing technologies go a long way in thwarting them. No one solution can stop all phishing campaigns,” comments Microsoft in a blog from September.

The company explains that EOP is an email filtering service that prevents against known attacks by filtering known spam, viruses and malware. Office 365 ATP is also an email filtering service that protects against unknown threats, including zero-days.

“Educating employees about phishing and encouraging the mentality of ‘when in doubt, report it out’ provide network defenders with additional telemetry for detecting large-scale phishing campaigns—including sophisticated and targeted spear-phishing attempts,” the company continues.

CERT NZ recommends that for any email, users should hover over links to see the URL before visiting the website; use multi-factor authentication; call the person to see if they have sent a file; and advise CERT NZ of the emails.

For those who have been affected by a scam, CERT NZ recommends the following actions:

- Change your email password immediately, make sure your new password is very different to the previous one, and that you haven’t used that password anywhere else. If you use the same or similar passwords for any other accounts, change those too.
- Advise your IT department or your email provider that this has taken place.
- Work with your IT team or IT provider to check your email logs and ensure that all access attempts to your email were legitimate and authorised.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."