Phishing Aimed at SaaS - Office 365
The days of simply going after your credit card or banking account are still here. However, there is a developing trend of phishing attacks targeting you SaaS (Software as a Service) online services. "Office 365 and G Suite overtook financial institutions as the top phishing target." According to Forbes.
These new phishing attacks are not new and look and feel like a fake email always has. Instead of impersonating banks, credit card companies, or financial institutions in general; they are attacking Dropbox, Slack, Office 365, and G Suite type online services.
These phishes have largely been effective because a single compromised Office 365 account can grant access to the files of an entire organization and any email in that account. Once in a single account with single sign on a hacker can embed themselves and send countless malicious emails to others in the company and clients of the company. Single sign on is the ability to sign on to one account, Office 365 or G Suite, a hacker could log into to other SaaS services.
What can you do? Turn on multifactor authentication across your organization, across all accounts NOW! This is considered the absolute minimum you can do to ensure security online.
Security is a particular sweet spot for us at ITConnexx. Contact us to discuss Dark Web Monitoring, Password Keepers, Multifactor Authentication, and all of our other services to protect your business and your way of life.