Security Breach Update
6 June 2019

Phishing Scams now targeting Microsoft O365 usersMicrosoft Office 365 users have been the target in a phishing campaign.

Users of Microsoft’s popular Office 365 software might be the victims of the latest phishing campaign making its rounds online.

Some users are receiving notifications purporting to be from “Office 365 Team” notifying recipients of an “unusual volume of file deletion” on their accounts.

When recipients click on the “View alert details” link, a fake Microsoft login page appears that captures users’ login credentials. The attackers are using Azure, a popular hosting site that makes it more difficult to distinguish questionable URLs in a phishing attack.

For Microsoft users, login screens only derive from microsoft.com, live.com, microsoftonline.com, or outlook.com. The growing sophistication of these attacks makes it even more difficult for users to differentiate a phishing attack from a real message.

However, comprehensive training can stop phishing scams in their tracks by empowering customer and employees with cybersecurity training and awareness.

Recent Breaches

Australia – Australian National University, Canberra

Exploit: Unauthorized system access.

Risk to Small Business: Severe: A sophisticated operator accessed the ANU’s systems illegally in late 2018 but the breach was only detected two weeks ago.

Risk to Exploited Individuals: Severe: There was unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years. This included names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed.

Customers Impacted: 200,000

New Zealand – New Zealand Treasury

Exploit: Unauthorized system access.

Risk to Small Business: Severe:  An unauthorized user gained access to the department’s network, potentially procuring sensitive budgetary information scheduled for future release. The agency has support from the National Cyber Security Centre to identify the source of the breach, and they are conducting a holistic overview of their security standards. This incident is a reminder that personal information isn’t the only valuable asset that organizations hold. Their proprietary data can be equally as valuable to hackers.

Risk to Exploited Individuals: No personal information was compromised in the breach.

Customers Impacted:  Unknown.

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
06/06/2019

Follow us on LinkedIn:

Related Articles:
SonicWall Email Filtering – Time-of-Click URL Protection
Mobile Banking Malware Increases by 58%

Written by