O365 and the Dangers of Phishing Scams

With so many of us forced to work remotely over the past year, one thing we’ve all learned is that adaptability is key. In order to adapt to the new, online environment, we’ve needed to explore alternative business tools and online solutions, trading meeting rooms for ‘Zoom rooms’. One key example of this is Microsoft Office 365. Designed to promote productivity and remote working, this cloud-based solution can be found in many businesses’ arsenals. But in everyone’s rush to move their work into the digital world, many have overlooked one key risk: the threat of cyber attacks.

Despite being used by businesses of all sizes, Office 365 (O365) has been criticised by security professionals for how easy it is for cybercriminals to take advantage of. In fact, in a recent survey by Cybersecurity company Vectra AI, it was found that 71% of over 1,000 security professionals had experienced some form of O365 attack. The most common threat to reach users is ‘phishing’.

What is Phishing?

Phishing is a form of cybercrime that typically involves a user being contacted via email, phone or text message by a cybercriminal posing as a legitimate business in order to encourage the user to share personal information. This information can range from login credentials to banking details. With O365 phishing incidents accounting for over half of all reported phishing attacks posing as official companies (as observed by Digital Risk Protection company PhishLabs), it’s no surprise that security professionals are wary.

One phishing technique commonly seen involves posing as a OneDrive notification to encourage users to share their login details. In order to improve their chances of success, there are several tricks cybercriminals practice, including:

  1. Using Microsoft branding within the email body
  2. Addressing the user in the email subject and copy to reinforce the authenticity
  3. Mimicking the victim’s O365 business login page
  4. Hosting their fake login page on an address that mimics Microsoft

Whilst not all phishing attempts make it through the email filter, in order to combat those that do, vigilance is key. Being aware of the tips and tricks practised by cybercriminals can help users identify what is and isn’t legitimate, be that emails or login pages. Another option for protecting yourself from cyber attacks is to boost your cybersecurity.

At Gemini, we provide businesses large and small with access to cybersecurity solutions to protect their sensitive information from a range of threats. Directly combatting O365 phishing attempts, we can implement multi-factor authentication to add an extra level of security to your logins. We also offer an essential backup solution that keeps your data secure whilst minimising disruption to your daily activities.

Get email updates

Your details

By signing up you agree that we can process your information in accordance with our privacy policy.

© Gemini Group
Gemini Communications Ltd is a limited company registered in England and Wales. Registered office: 11 Petteril Side, Harraby Green Business Park, Harraby, Carlisle, Cumbria CA1 2SQ. Registered number: 05245581

Contact us

Send us a message and we'll get back to you as soon as possible.

Your Details

We will treat your personal information with respect and process it in accordance with our privacy policy.

Accept Cookies