A new phishing ploy is doing the rounds, pretending to be from Microsoft Teams. The user receives a bogus message notification, which redirects to a fake login page to steal Office 365 credentials. Stay safe under lockdown and avoid getting caught by phishing scams.
Phishing attacks are growing
Under lockdown, cloud based file sharing and conference tools have become a vital element of day to day operations. Cyber criminals are taking advantage of this and are actively targeting key online resources. Like Microsoft Teams, Zoom has also been the subject of phishing campaigns. Recently, Sophos Labs reported fake emails from HR teams, which direct users to a false Zoom login page that tries to steal email passwords.
Many of these platforms have seen a spike in growth, with Microsoft Teams increasing its daily users from 44 million to 75 million, while Zoom now has 300 million daily meeting participants. Lack of familiarity with the software can make new users more vulnerable to phishing attacks.Remote working means people may also be more likely to click on these links to stay connected professionally and socially.
A report from KnowBe4 found a 600% increase in phishing attacks in the last quarter, with a coronavirus phishing campaign being the second most common. Google recently announced it is blocking 18 million COVID-19 related phishing emails every day and has said it may be the most popular topic ever used for phishing. The National Cyber Security Centre has issued advice for dealing with suspicious emails and has established a new reporting service for people to forward phishing emails, in a bid to block the emails or take the redirected pages offline.
The increase in phishing attacks comes at a time when many cyber security teams feel unable to perform their jobs effectively from home. Research from the Information Systems Audit and Control Association (ISACA) shows that 59% of cyber security teams do not feel they have access to the right resources when working remotely. Meanwhile, only 51% of business leaders and cyber professionals felt prepared to detect and respond to the increased threat level.
Protecting your business
The fraudulent nature of a phishing attack can also have a major impact on an organisation. The 2020 Cyber Security Breaches Survey 2020 found that, of the businesses that experienced an attack last year, 67% rated phishing as the most disruptive. But beyond the social engineering element, 91% of all cyber attacks start with a simple email. Cyber attacks are expensive and last year IBM found the average total cost of a data breach to be $3.92 million.
Now is a good time to review your processes to reduce the risks around phishing. This includes reviewing the frequency of testing, training and awareness programmes. Key considerations include:
· What security measures do you currently have in place for phishing and smishing?
· What process should employees follow when they receive a text message or email that they don’t believe is genuine?
· How often are you testing all employees to make sure that the latest techniques used by threat actors are understood and upheld - such as faking the caller ID on messages?
· What training is provided to those who follow malicious links through either simulated threat exercises or genuine attacks?
· Is it clear to employees who they should contact or alert to raise the alarm? Whether via email, creating support tickets, or calling the IT Help Desk.
· Are staff confident and assured that if they do follow a link that they later feel might have been bogus, they won’t be penalised for raising the alarm?
· Are the results from regular phishing and smishing exercises being passed up to management and raised as part of monthly and quarterly discussions on your cyber security posture?
· Are employees given hands-on, interactive training where they can visualise known attacks and not simply select multiple choice answers?
· Do you use multiple different types of templates that someone would expect to see when simulating phishing and smishing attempts? This is important as insider threats may send phishing emails that seem more familiar to the recipient and so will be more convincing.
Improving awareness and familiarity with common phishing methods can reduce the risks of a successful attack. The best defence is regular, up to date training and spreading the word on popular scams - especially those posing as technologies directly used by your organisation.
What makes these phishing attacks special is the cloning of Microsoft Teams alerts instead of creating them from scratch using mismatched imagery collected from all over the place and content riddled with typos and grammar mistakes.