A credential-phishing scam targeting Microsoft Office 365 accounts has recently come to our attention. Last week, a local bookkeeper’s email account was compromised. Here’s the timeline and a summary of events:
- On Friday, the bookkeeper received an email from a contact she was expecting to hear from.
- She thought it looked suspicious, so she replied to the message to ask about it. The sender replied that the attachment contained important financial information. Because the bookkeeper was trying to collect payment from this contact, she assumed the message was legitimate. Replying to the email itself is not a real verification step: whoever controls the sender’s mailbox, legitimate owner or not, is the one who answers.
- The bookkeeper opened the attachment, which sent her to a fake Office 365 login page. She typed her Office 365 credentials several times before giving up. Each attempt handed her password to the attacker; a login page that keeps rejecting a password the user knows is correct is itself a warning sign.
- On Monday at about 10:30 am, 450-plus emails were sent from the bookkeeper’s mailbox. Each carried her signature and had her business name in the subject line.
The attacker also added a “delete all inbound emails” inbox rule to the mailbox, so that the bookkeeper would not see any replies to the hundreds of messages sent in her name. The resulting delay meant she had no reason to suspect anything was wrong. Inbox rules that delete, hide or forward mail are a standard post-compromise step, and the creation of such a rule is one of the more reliable signs that an account has been taken over.
What’s most concerning is that someone had access to her mailbox for the entire weekend. In that time the entire mailbox could have been downloaded, and she has no way of knowing whether it was. This is particularly serious because this employee handles sensitive financial information.
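The inbox rule described above is the kind of artifact an investigator looks for first, because it is written to the audit log at the moment the attacker creates it. The following script is an added example, not code from the original article or from Microsoft: it triages inbox-rule events in the general shape of Microsoft 365 Unified Audit Log records (Operation, UserId, CreationTime, and the cmdlet parameters as Name/Value pairs) and flags rules that delete mail with no condition, move mail into folders the owner rarely opens, forward to external addresses, or carry a near-empty name. The sample records, the addresses in them, and the internal domain list are all constructed for the example.

```python
"""Flag suspicious Exchange Online inbox rules in audit-log records.

Added example for this article, not code from the original page. The record
shape follows Microsoft 365 Unified Audit Log inbox-rule events in outline;
every value below is constructed for the example.
"""
import json
from datetime import datetime

# Assumption for the example: domains the organisation owns. Forwarding
# anywhere else counts as external.
INTERNAL_DOMAINS = {"example-bookkeeping.com"}

# Folders attackers commonly move mail into so the mailbox owner never sees it.
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "conversation history",
                  "archive", "junk email", "deleted items"}

# Parameters that narrow which messages a rule applies to. A delete or move
# rule with none of these applies to every inbound message.
CONDITION_PARAMS = {"From", "SentTo", "SubjectContainsWords", "BodyContainsWords",
                    "SubjectOrBodyContainsWords", "FromAddressContainsWords",
                    "RecipientAddressContainsWords", "HasAttachment",
                    "MessageTypeMatches", "HeaderContainsWords"}

# Constructed sample records: one benign rule created on a Tuesday, then two
# rules created on the Saturday of the compromise (the article's scenario).
SAMPLE_RECORDS = [
    {"CreationTime": "2024-03-05T09:14:02", "Operation": "New-InboxRule",
     "UserId": "bookkeeper@example-bookkeeping.com",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "From", "Value": "news@vendor.example"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"CreationTime": "2024-03-09T14:02:11", "Operation": "New-InboxRule",
     "UserId": "bookkeeper@example-bookkeeping.com",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "DeleteMessage", "Value": "True"},
                    {"Name": "MarkAsRead", "Value": "True"}]},
    {"CreationTime": "2024-03-09T14:05:40", "Operation": "New-InboxRule",
     "UserId": "bookkeeper@example-bookkeeping.com",
     "Parameters": [{"Name": "Name", "Value": "Invoices"},
                    {"Name": "SubjectOrBodyContainsWords", "Value": "invoice;payment;wire"},
                    {"Name": "ForwardTo", "Value": "collector@attacker.example"},
                    {"Name": "MoveToFolder", "Value": "RSS Subscriptions"},
                    {"Name": "StopProcessingRules", "Value": "True"}]},
]


def rule_parameters(record):
    """Flatten the audit record's Name/Value parameter list into a dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def is_external(address):
    """True when the address's domain is not one the organisation owns."""
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def analyze_rule(record):
    """Return the reasons an inbox rule looks like attacker tradecraft.

    An empty list means nothing in the rule is suspicious.
    """
    p = rule_parameters(record)
    findings = []
    has_condition = any(k in p for k in CONDITION_PARAMS)

    if p.get("DeleteMessage") == "True":
        findings.append("deletes mail" if has_condition
                        else "deletes ALL inbound mail (no condition)")

    # The folder may be given as a bare name or as a path like \Inbox\Archive.
    folder = p.get("MoveToFolder", "").split("\\")[-1].lower()
    if folder in HIDING_FOLDERS:
        findings.append(f"moves mail to hiding folder '{p['MoveToFolder']}'")

    for key in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        for addr in p.get(key, "").split(";"):
            addr = addr.strip()
            if addr and is_external(addr):
                findings.append(f"{key} external address {addr}")

    name = p.get("Name", "").strip()
    if len(name) <= 2:
        findings.append(f"near-empty rule name {name!r}")

    # Timing only matters once something else is suspicious.
    created = datetime.fromisoformat(record["CreationTime"])
    if findings and created.weekday() >= 5:
        findings.append(f"created on a weekend ({created:%A %H:%M})")
    return findings


def triage(records):
    """Summarise every rule creation or change that produced findings."""
    hits = []
    for r in records:
        if r.get("Operation") not in ("New-InboxRule", "Set-InboxRule"):
            continue
        findings = analyze_rule(r)
        if findings:
            hits.append({"user": r["UserId"], "created": r["CreationTime"],
                         "rule": rule_parameters(r).get("Name", ""),
                         "findings": findings})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_RECORDS):
        print(json.dumps(hit, indent=2))
```

Against the constructed records, the first rule produces no findings, the second is flagged for deleting all inbound mail with a one-character name, and the third for forwarding externally and parking mail in RSS Subscriptions; both of the flagged rules also carry the weekend-creation note. In a real investigation the records would come from Exchange Online PowerShell (Search-UnifiedAuditLog filtered to New-InboxRule and Set-InboxRule, feeding each record's AuditData JSON into triage), and the rules still present on the affected mailbox can be listed directly with Get-InboxRule.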
A Proactive Cybersecurity Defense
A multi-layered approach to security is the most effective way to stay secure. Any one of the following defenses might have prevented this incident, and together they cover different stages of it:
- Multi-factor authentication for all Microsoft Office 365 users would have protected the mailbox in this incident: the phished password alone would not have been enough to sign in.
- Centralized email filtering (scanning attachments and blocking known phishing pages) may have stopped the message from reaching the bookkeeper’s inbox, or stopped the fake login page from loading.
- Cybersecurity user training and awareness would have equipped the user with stronger detection skills. Ensure that your employees know how to identify email phishing scams: treat unexpected attachments with suspicion, verify them through a separate channel such as a phone call to a known number rather than by replying to the email, and never enter Office 365 credentials on a page that an attachment or link opens. The more vigilant all of us are, the more likely we are to break these email phishing cycles.