Beware of spear phishing attacks

Email fraud targeting Office 365 users is becoming increasingly sophisticated, with messages often appearing to come from a business, organization, or individual the victim regularly communicates with.

These fraudulent emails contain links or attachments that redirect the victim to a fake login page asking for their email username and password. Once the information is entered, the fraudsters use the stolen credentials to log into Office 365 and send fraudulent emails to the victim’s contact list, perpetuating the scam. Databias has also seen email communications between legitimate parties intercepted, silent aliases added to accounts, and fraudulent requests for invoice payments.

Be vigilant! Emails containing hyperlinks or attachments that require action from you should be carefully vetted before you proceed. If you are unsure whether an email you received is legitimate, do not click on any links, open any attachments, or provide any information.

Signs that your account may have been compromised include:

  • Expected emails are not coming through
  • Emails in your sent folder were not sent by you
  • An Out of Office message has been turned on that you did not set up

If you think you may have fallen victim to a scam:

  1. Immediately contact your IT support team.
  2. Reset your username and password.
  3. Disable any forwarding rules or rules that move messages to the deleted folder.
  4. Screen your computer and network for malware.
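
An added example for step 3, not part of the original advisory or a Databias tool: a PowerShell filter that flags inbox rules which forward mail or move it to the deleted folder. The property names are those of the objects returned by Exchange Online's Get-InboxRule; the function name, the sample rules and the English folder name 'Deleted Items' are assumptions.

```powershell
# Added example: flag inbox rules that forward mail out or hide it from the user.
function Find-SuspiciousInboxRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Rule,
        # Assumption: English folder name; adjust for other mailbox languages.
        [string[]]$HidingFolders = @('Deleted Items')
    )
    process {
        $reasons = @()
        # Any of these actions sends a copy of matching mail to another address.
        foreach ($prop in 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo') {
            if ($Rule.$prop) { $reasons += "$prop -> $($Rule.$prop -join ', ')" }
        }
        # These actions keep expected mail out of the inbox.
        if ($Rule.DeleteMessage) { $reasons += 'deletes matching messages' }
        if ($Rule.MoveToFolder -and ($HidingFolders -contains "$($Rule.MoveToFolder)")) {
            $reasons += "moves messages to '$($Rule.MoveToFolder)'"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name    = $Rule.Name
                Enabled = $Rule.Enabled
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rules standing in for Get-InboxRule output.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Newsletters'; Enabled = $true; ForwardTo = $null
                       RedirectTo = $null; DeleteMessage = $false; MoveToFolder = 'Newsletters' }
    [pscustomobject]@{ Name = '.'; Enabled = $true; ForwardTo = @('collector@example.net')
                       RedirectTo = $null; DeleteMessage = $false; MoveToFolder = $null }
    [pscustomobject]@{ Name = 'invoice'; Enabled = $true; ForwardTo = $null
                       RedirectTo = $null; DeleteMessage = $false; MoveToFolder = 'Deleted Items' }
)
$sampleRules | Find-SuspiciousInboxRule | Format-Table -AutoSize -Wrap

# Against a live mailbox (requires the ExchangeOnlineManagement module);
# the mailbox address and rule identity below are placeholders:
#   Connect-ExchangeOnline
#   Get-InboxRule -Mailbox 'user@example.com' | Find-SuspiciousInboxRule
#   Disable-InboxRule -Mailbox 'user@example.com' -Identity '<rule name>' -Confirm:$false
```

On the constructed sample, the second and third rules are reported and the 'Newsletters' rule is not.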

How to protect yourself and your organisation from phishing attacks

  • Educate yourself, your employees, and any friends or family who use your computer to be careful when browsing the internet and accessing email.
  • If you are unsure where an attachment or link leads or if it is legitimate, do not click on it or provide personal or financial information.
  • Make sure users know who to alert if they feel they may have fallen victim to a scam.
  • Use complex passwords that are at least 8 characters long and include uppercase and lowercase letters and special characters, and do not reuse the same password over and over again. Change your password frequently.
  • Use Advanced Threat Protection, an add-on to Office 365 that scans attachments and e-mail links for malicious content. It also helps identify potential phishing and spoofing scams.

Neither Microsoft nor Databias will ever:

  • Email you to change your password
  • Send you an email to verify your username and password to keep your Office 365 account active
  • Send you an email saying that your account is about to expire and you need to input your credentials
  • Send you an email saying that you need to activate your Office 365 account by inputting your credentials
  • Send you an email saying that your mailbox has reached its quota and you need to input your credentials to clean up your mailbox
