Is Your Email Hacked?

Is Your Email Hacked?

Cloud Office 365 Security

Office 365 has become a big target for hackers due to it being used by thousands of businesses. We have seen an increase over the past few years of Man-in-the-Middle (MitM) attack attempts on our clients. In these types of security breaches the bad guys monitor hacked accounts (sometimes for months) looking for an opportunity to impersonate the real account user. Examples of the devastating outcomes of such attacks can be found HERE, HERE, HERE, and HERE

If you have Office 365 you can use the below steps to do a quick check to see if you have any of the common signs of a MitM attack. Other email services will have similar menu options.

Remember, it is always good practice to change your password at regular intervals throughout the year. Just make sure your password is secure.


Check Your Account

Go to http://outlook.office.com and sign in with your Office 365 credentials.

Step 1 – Click on the gear icon in upper right.

Step 2 – Click on the gear icon in upper right and then View all Outlook settings.

Step 3 – Select Mail

Step 4 – Select Rules. If you see any rules that you did not set up notify your IT department. A common rule that hackers use are moving items from your inbox to other folders such as Archive, Trash, and Junk. If you make any changes make sure to save them.

Step 5 – Select Forwarding. If you see mail going to an unknown email address that is a good sign your account has been compromised. If you make any changes make sure to save them.


Every attack profile is different and even if your account looks good always assume the treat is there. Your IT department can help minimize the risk through a combination of user training, Office 365 settings, and standard security software. Wireguided is always here to assist your organization in all matters of security. Our services include anti-phishing training, incident response, disaster recovery, and security infrastructure design.

-Tim

Phishing – Now even worse

Phishing – Now even worse

Education Security

Phishing is when hackers send emails to you posing as someone else to try and get you to click on a malicious link or attachment. As we have shown you before these spoofed emails can usually be easily spotted if you look at the full ‘From’ address. In most cases, unless the hacker has breached a trusted account, the email address will be an unknown account and only the display name will be modified to try to trick you. You can see what this looks like below.

Advanced Phishing Attacks

We are now seeing an increase in the next level of phishing where the hacker can create a ‘From’ address that looks 100% legit without having to hack the account of the company they are impersonating. You would have no way of identifying it as a fake email unless you examined the delivery information (which, unless you have an IT background, you will have no idea how to). An example of this more advanced threat is below:

Determining Real from Fake

As you can see this phishing email looks like it came from Chase Bank. The display name and email address check out. The only way an average user could see that this is a phishing attack is to hover their mouse over the ‘Download’ link in Outlook, without clicking, to see where it really goes it (Hint: it’s not Chase Bank). You will also see that the account numbers and other details do not match your real information.

As we have said many times. Employee security education is a key tool in protecting you and your business. If you would like to speak to Wireguided about our security training, both onsite and via webinar, please Contact Us.

-Tim

Office 365 Phishing Examples

Office 365 Phishing Examples

Office 365 Security

[UPDATED: 08/28/2018]

The bad guys have been targeting Microsoft Office 365 users lately with multiple phishing attacks. Below is a sample of what to be on the lookout for. I would recommend sending this article to your employees to improve security awareness.

Red flags

  • “From” email address is not a Microsoft address. Even if it does show a Microsoft address it could be spoofed.
  • It’s addressed to a generic person such as “Client” and not the recipient by name.
  • It doesn’t look polished as you would expect an email from Microsoft to be.
  • Sent with High Importance.
  • It contains an attachment. Microsoft will never send you an email with an attachment.
  • Involves a threat of data loss.
  • English may not be proper.
  • If you move your mouse on top of a link in the email without clicking in Outlook it will show where the link really goes (to the attacker’s web site).

I have highlighted these red flags in the samples below.

Sample Microsoft Office 365 Phishing Emails










-Tim