With 180 million active users it's no wonder that Microsoft Office 365 has caught the attention of online criminals. According to Microsoft, one in five business workers are now using an Office 365 cloud-based service, with adoption particularly popular in the financial services and manufacturing sectors. And these industries, of course, can provide rich pickings for cybercriminals.
So, it's no surprise to me to learn that phishing attacks targeting Office 365 users outstrip the attacks seen against the likes of Netflix and PayPal, or online banks.
What makes phishing attacks against Office 365 more threatening, of course, is that they're not just after a user's login credentials.
Instead, attackers frequently want to exploit their unauthorised access to an Office 365 account by sending messages from the legitimate account to the victim's business partners or colleagues. A stolen Office 365 password may only raise a tiny amount of money if sold on an underground cybercrime forum compared to the fortunes that can be made through a Business Email Compromise (BEC) attack that requests money be wired to an overseas bank account.
No comments:
Post a Comment