Censornet Comment: Office 365 Users Being Targeted in Phishing Attacks
August 2021 by Richard Walters, Chief Technology Officer at Censornet
Following the news that Office 365 users are being targeted in new phishing attacks, Richard Walters, CTO at Censornet, offers the following comment;
“Phishers are getting better and better at crafting convincing scam emails and building malicious websites which look totally legitimate – and the world’s one billion Office 365 users are an obvious target.
“There is a common misconception that the security that is built into Microsoft Office 365 provides a good level of protection, but incidents such as this one show this is simply not the case.
"Phishers’ tactics are cruel but effective. CEO fraud is one popular type of scam that can be extremely difficult to defend against using traditional security systems due to its multi-channel nature. Also known as Business Email Compromise, this variety of phishing attack involves crafting messages which look like they come from a senior member of staff.
“Email defence systems will detect and block malicious attachments, so attackers instead place links in emails that draw people out of their inboxes and into cloud apps or dangerous websites. Victims are lured away from the protection of email security and into spaces where cloud or web security is needed to protect them.
“Many security solutions don’t offer the correct range of services to cope with these multi-channel attacks. Cybercriminals know this.
“The best way to be prepared for modern, multi-channel phishing is to use a cybersecurity platform which offers web, cloud and email security systems as well as CASB and other services.“