Microsoft’s Office 365 is the most popular productivity suite in the enterprise space and has enjoyed further growth as organizations have shifted to remote workflows amid the COVID-19 pandemic. As more people work remotely from home, the opportunity for phishing attacks against Office 365 has increased.
Threat actors know workers in a remote home environment may not be as protected as in the workplace. Kaspersky Lab reports on a new phishing attack against Microsoft’s Office 365. Specifically, attackers are targeting Office users through Google Docs.
It’s worth remembering back in 2019 Kaspersky said Microsoft Office takes 70% of all phishing attacks it observes. Clearly Microsoft’s platform is a target.
This phishing attack starts with a letter with a message that is vague from an unknown sender. While this should be enough to deter anyone, the letter entices victims by talking about a deposit and having “Deposit Advice”.
It’s worth noting anti-virus programs flag the letter as coming from an outside location but allows the file to pass because it is attached from a legitimate Google Docs file. Clicking the link sends Office 365 users to what appears to be a OneDrive corporate page. However, it’s not a real OneDrive page at all according to Kaspersky:
“But the screen users see is not truly a Web page; it’s a slide from a Google Docs presentation that automatically opens in View mode. The Open button on it can conceal any link at all. In this case, the link connects to a phishing page disguised as an Office 365 sign-in page.”
Ignore the Letter
The company advises users to avoid sharing or connecting with any letter that comes from an unknowns source. However, some people don’t take this advice, so Kaspersky presents the following reasons to avoid this letter:
- “Letters from external sources don’t tend to link to a company’s internal documents.
- Real financial documents are set to open for specific people, not every single person in an organization;
- The filename in the letter does not match the one allegedly stored on OneDrive;
- Google Docs does not host Microsoft OneDrive pages (see the browser address bar);
- OneDrive is not Outlook, and an Open button in OneDrive should not lead to an Outlook sign-in page;
- Outlook sign-in pages do not reside on Amazon websites (another browser address bar clue).”
Tip of the day:
Though many VPN providers have their own apps, you can in many cases connect to a VPN in Windows 10 without any third-party software. This is ideal if you have a self-hosted VPN or if you’re using a PC with restricted permissions. In our tutorial, we’re showing you how to connect to a VPN in Windows 10.