In The News‎ > ‎

O365 Phishing email ducks detection

posted Sep 26, 2018, 1:00 PM by Craig Cox   [ updated Sep 26, 2018, 1:03 PM ]
Security vendor Avanan has a blog post with details about a phishing scam that (at least as of mid-August) wasn't being caught by Microsoft's native filtering.  The gist of it is that there was no malicious payload, and the link went to an O365 document, which didn't trigger any warnings.  The fact that the document pretended to be an O365 login page and was collecting user names and passwords wasn't considered.

This is a great example of the constant arms race between attackers and defenders.  Microsoft will no doubt find ways to shut down this kind of scam, if they haven't already.  But every once in a while, the bad guys find a way around the automatic protections and manage to get the bait into our inboxes.

When this happens, we fall back to the same solid advice:
  • Be skeptical about unexpected links in email
  • Don't be rushed by alarmist language, artificially short deadlines, or threats
  • Never type your password into a prompt that was brought up by an email link.  Only offer your password when you came to the page from your own bookmarks or favorites.

Many thanks to all who share with us their phishing emails.  Sometimes those samples help us improve filtering or report violations.  They always keep us posted on what new things the bad guys are trying.