Story image

Another Office 365 phishing scam hits NZ businesses

20 Sep 2017

CERT NZ has received reports of another Office 365 phishing scam that harvests credentials and sends the same email to all contacts in a victim’s address book.

The scam is making the rounds across many New Zealand businesses, CERT says.

The phishing email claims that someone wants to share a large file or photos. The file is downloadable through a link that looks like a genuine Office 365 login website.

The website asks users for their username and password. If they do so, the scammer then sends the same phishing email to all email contacts.

CERT NZ is warning businesses to be cautious of emails that ask to share a large file or photo, and often look like they come from someone who knows them.

In a recent blog, Microsoft revealed that it is using the genuine Office 365 tool to help detect, prevent and respond to threats.

Office 365 services such as Exchange Online Protection (EOP) and Advanced Threat Protection (ATP) work alongside other Microsoft technologies such as Windows Defender.

“Although phishing tricks and tactics never cease, awareness and antiphishing technologies go a long way in thwarting them. No one solution can stop all phishing campaigns,” comments Microsoft in a blog from September.

The company explains that EOP is an email filtering service that prevents against known attacks by filtering known spam, viruses and malware. Office 365 ATP is also an email filtering service that protects against unknown threats, including zero-days.

“Educating employees about phishing and encouraging the mentality of ‘when in doubt, report it out’ provide network defenders with additional telemetry for detecting large-scale phishing campaigns—including sophisticated and targeted spear-phishing attempts,” the company continues.

CERT NZ recommends that for any email, users should hover over links to see the URL before visiting the website; use multi-factor authentication; call the person to see if they have sent a file; and advise CERT NZ of the emails.

For those who have been affected by a scam, CERT NZ recommends the following actions:

- Change your email password immediately, make sure your new password is very different to the previous one, and that you haven’t used that password anywhere else. If you use the same or similar passwords for any other accounts, change those too. - Advise your IT department or your email provider that this has taken place. - Work with your IT team or IT provider to check your email logs and ensure that all access attempts to your email were legitimate and authorised.

Better data management: Whose job is it?
An Experian executive’s practical advice on how to structure data-management roles within a modern business environment.
Platform9 and Intersect partner to bring unified cloud to A/NZ
“For Intersect, Platform9 represents the single most strategic solution to a set of challenges we see expanding across the board."
Meet the future of women in IT
Emily Sopers has just won Kordia’s first ever Women in Technology Scholarship, which was established to address gender imbalance in the information and communications technology (ICT) sector.
Web design programmers do an about face – again!
Google is aggressively pushing speed in the mobile environment as a critical ranking factor, and many eb design teams struggling to reach 80%+ speed scores on Google speed tests with gorgeous – but heavy - WordPress templates and themes.
Digital spending to hit US$1.2 trillion by 2022
A recent study by Zinnov shows that IoT spend reached US$201 billion in 2018 while outsourcing service providers generated $40 billion in revenue.
'Iwi Algorithm' can grow Aotearoa's mana
Ngāti Whātua Ōrākei innovation officer Te Aroha Grace says AI can help to combine the values from different cultures to help grow Aotearoa’s mana and brand – and AI is not just for commercial gain.
Dropbox brings in-country document hosting to A/NZ & Japan
Dropbox Business users in New Zealand, Australia, and Japan will be able to store their Dropbox files in-country, beginning in the second half of 2019.
Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”