Blog Layout
Office 365 hacking: What you need to know
Apogee Compliance Group • Jan 22, 2020
Recent Posts
The question of monitoring your employees’ computers is a tricky one. Some say such a practice is unethical. But it can also be a way to prevent data breaches. Find out the pros and cons of monitoring your employees’ online behavior by reading this blog. And should you decide your business needs employee monitoring, we […]
Advances in IT have transformed paper medical records into digital files that can easily be accessed and stored. Sadly, this development has also resulted in sensitive healthcare data, or personal health information (PHI), becoming a bigger target for hackers. Because of this, healthcare providers must remain vigilant against all forms of cyberattacks. From financial information […]
Cutting costs is great for business, but only if doing so does not result in lower-quality products or services. You can achieve this kind of compromise in your IT system, too. Instead of investing in expensive computer hardware, you can opt for affordable but powerful thin and zero clients. What are thin and zero clients? […]
Most people don’t question the padlock icon that sometimes appears in their web browser’s address bar. If you’re one of those who didn’t know, it’s a security feature that authenticates websites and protects the information users submit to them. Another indicator you’re in a secure site is the HTTP before the site’s URL. But why […]
IT services are more critical than ever before, proving their value in the face of a health crisis and the abrupt shift to remote working. Here are some ways managed IT services providers (MSPs) are helping small companies leverage technology to support their remote teams and go about business as usual. Providing infrastructure and service […]
If you have an Android device, be careful! An exceptionally dangerous Android malware known as DEFENSOR ID is currently making the rounds in the Google Play Store. The malware exploits the Accessibility Services in an Android device to evade detection by traditional security measures. This threat can put your data and business in jeopardy, so […]
Residential Wi-Fi connections are slower and less reliable than enterprise-grade ones. But now that more people have shifted to remote work, having a fast and stable wireless connection at home is more important than ever. What can you do to ensure you don’t suffer dropped Wi-Fi signals while you’re in a videoconference or finishing up […]
With the COVID-19 pandemic, many business owners are cutting costs and jeopardizing their organization’s efficiency as a result. If you want to avoid this outcome, you should invest in cloud technology. The cloud will not just help you save money, but it will also help your business run more efficiently. Ensuring continuity and efficiency with […]
Many small- to medium-sized business (SMB) owners never expect a major crisis to hit their company and are often caught flat-footed when it does. Such events can cause downtime, which can lead to lost revenue and reduced profits. In addition, SMBs that fail to recover quickly from disruption face the risk of losing their customers […]
When it comes to cybersecurity, you probably think of protecting computers, apps, or online databases first and printers last. Precisely because they’re overlooked in, printers can be exploited by hackers and used as a gateway to infiltrate your systems. Secure your networks against intruders by following these steps. What makes business printers vulnerable to cyberattacks? […]
With over 150 million active subscribers, Office 365 is, unsurprisingly, on top of hackers’ minds. And now, hackers are using a technique that doesn’t even require users to give up their credentials. Learn how they do it and get protected.
A phishing scam that harvests users’ credentials
The latest cyberattack on Microsoft Office 365 involves harvesting users’ credentials. Scammers use this previously unseen tactic by launching a phishing message to users, asking them to click on an embedded link. What makes this scam more insidious than traditional phishing scams is that the URL within the message links to a real Microsoft login page.
How does it work?
The phishing message resembles a legitimate SharePoint and OneDrive file-share that prompts users to click on it. Once they do, they are taken to an Office 365 login page where they will be asked to log in if they haven’t already.
After they’ve logged in, they’ll be prompted to grant permission to an app called “0365 Access.” Users who grant permission effectively give the app — and the hackers behind it — complete access to their Office 365 files, contacts, and inbox.
This technique can easily trick lots of users since the app that requests access is integrated with the Office 365 Add-ins feature. That means that Microsoft essentially generates the request for permission. No, Microsoft is not aiding hackers to breach systems. Rather, the scam is made possible by a feature that allows users to install apps that are not from the official Office Store.
Ways to protect your Office 365 account — and your business
Given their fairly advanced approach, these scammers could effortlessly prey on careless employees. There are ways to make sure that doesn’t happen.
- Always check the email’s sender account before clicking on any link or granting apps access.
- Implement a policy that prevents staff from downloading and installing apps that are not from the Office Store.
- Regularly conduct security awareness training that covers essential cybersecurity topics. Educate employees on how to spot phishing scam red flags (e.g., unknown senders, grammatical and typographical errors, suspicious requests, and the like). Increase their knowledge about more sophisticated attacks and keep everyone informed about current and future cybersecurity risks.
Successful attacks could result in an unimaginable catastrophe to your company. For tips on how to spot this and other nefarious scams and how to plan thorough security practices, contact our experts today.
The question of monitoring your employees’ computers is a tricky one. Some say such a practice is unethical. But it can also be a way to prevent data breaches. Find out the pros and cons of monitoring your employees’ online behavior by reading this blog. And should you decide your business needs employee monitoring, we […]
Advances in IT have transformed paper medical records into digital files that can easily be accessed and stored. Sadly, this development has also resulted in sensitive healthcare data, or personal health information (PHI), becoming a bigger target for hackers. Because of this, healthcare providers must remain vigilant against all forms of cyberattacks. From financial information […]
Cutting costs is great for business, but only if doing so does not result in lower-quality products or services. You can achieve this kind of compromise in your IT system, too. Instead of investing in expensive computer hardware, you can opt for affordable but powerful thin and zero clients. What are thin and zero clients? […]
Most people don’t question the padlock icon that sometimes appears in their web browser’s address bar. If you’re one of those who didn’t know, it’s a security feature that authenticates websites and protects the information users submit to them. Another indicator you’re in a secure site is the HTTP before the site’s URL. But why […]
IT services are more critical than ever before, proving their value in the face of a health crisis and the abrupt shift to remote working. Here are some ways managed IT services providers (MSPs) are helping small companies leverage technology to support their remote teams and go about business as usual. Providing infrastructure and service […]
If you have an Android device, be careful! An exceptionally dangerous Android malware known as DEFENSOR ID is currently making the rounds in the Google Play Store. The malware exploits the Accessibility Services in an Android device to evade detection by traditional security measures. This threat can put your data and business in jeopardy, so […]
Residential Wi-Fi connections are slower and less reliable than enterprise-grade ones. But now that more people have shifted to remote work, having a fast and stable wireless connection at home is more important than ever. What can you do to ensure you don’t suffer dropped Wi-Fi signals while you’re in a videoconference or finishing up […]
With the COVID-19 pandemic, many business owners are cutting costs and jeopardizing their organization’s efficiency as a result. If you want to avoid this outcome, you should invest in cloud technology. The cloud will not just help you save money, but it will also help your business run more efficiently. Ensuring continuity and efficiency with […]
Many small- to medium-sized business (SMB) owners never expect a major crisis to hit their company and are often caught flat-footed when it does. Such events can cause downtime, which can lead to lost revenue and reduced profits. In addition, SMBs that fail to recover quickly from disruption face the risk of losing their customers […]
When it comes to cybersecurity, you probably think of protecting computers, apps, or online databases first and printers last. Precisely because they’re overlooked in, printers can be exploited by hackers and used as a gateway to infiltrate your systems. Secure your networks against intruders by following these steps. What makes business printers vulnerable to cyberattacks? […]