McAfee reports that a trio of malware kits are being actively used to target Office365 users.
The phishing emails contain a clip of audio pretending to be from a voicemail intended for the recipient. A short clip of the audio can be played within the email which contains an urgent sounding ‘um hello?…’ The user is then prompted to login to their Office365 account to hear the rest of the message. In fact, what happens is the user’s credentials are stolen by the fake login page and then they are redirected to the real Office.com login page. Having to re-enter login credentials several times is par for the course for Office365 users and will not appear unusual to the average user.
Examination of the HTML source within the phishing email reveals the dubious looking sites hosting the voicemail sample, which include soundbible.com and spectrumhosting.co.za rather than Microsoft domains.
Email is one of the main attack vectors for businesses, both for the delivery of malware and the perpetration of fraud. If attackers can obtain the Office365 credentials of key employees – such a members of the Finance or IT teams, it will be easier for them to establish a foothold in the network or pivot to attack a client’s or supplier’s network.
Security Managers can use a combination of technology solutions (such as email filtering services in the cloud) and security awareness training for staff to help them identify phishing emails before clicking on the links they contains.
“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”
Aim Ltd Chief Technology Officer (CTO)