Australians have been told to keep their eyes peeled for signs they have been targeted by a huge email scam, which could cause “catastrophic damage”.
The Office 365 scam has targeted millions of users across 62 countries in a bid to attack businesses, MailGuard warned in a blog post on Friday.
The phishing attacks are executed by hackers who pose as employers and other trusted senders in emails sent to users of Office 365. The messages contain attachments that, when clicked, prompt users to grant access to a web application that resembles those “widely used in organisations,” the cybersecurity service said.
The problem is that the applications are malicious: they let hackers into users’ email accounts, where they can then access valuable data.
Earlier in July, Microsoft itself had warned about the scam, describing it as a “sophisticated, new phishing scheme”.
“These cybercriminals designed the phishing emails to look like they originated from an employer or other trusted source and frequently targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and redirect wire transfers,” Microsoft said.
“When the group first began carrying out this scheme, the phishing emails contained deceptive messages associated with generic business activities. For example, the malicious link in the email was titled with business terms such as ‘Q4 Report – Dec19,’ as seen below.”
Other scam emails prey on victims’ desperation, using terms like “Covid-19 bonus”.
“Every day, my team at MailGuard continues to intercept similar phishing attacks spoofing Office 365,” MailGuard CEO Craig McDonald said.
“These are becoming more targeted, complex and pernicious. These attacks come at a time of heightened cyber-risk, in a climate where phishing scams exploiting the Covid-19 crisis are exploding throughout the world.”
He noted Google reports that it intercepts 18 million Covid-19 scams every day. The Australian Cyber Security Centre last week also warned of a significant jump in Covid-19 scams.
“Cybercriminals are on the move and are continuing to launch attacks of great magnitude. Global susceptibility to phishing is continuing to make the approach an attractive technique for cybercriminals, especially amid all the disruptions posed by the ongoing Covid-19 pandemic, and you can bet these attacks are only going to get worse,” he said.
He said businesses need to register the threat and move to mitigate it by increasing their software defence and training staff to better spot these scams.