Scammers are Getting More Sophisticated All the Time
Scams aren’t anything new – in fact, the concept of tricking someone (or some business) out of their money has been around for quite some time, dating back to the late 18th century. The modern scam has more in common with the Spanish Prisoner Scam of the 19th century, wherein businessmen were contacted by an individual allegedly trying to smuggle an individual connected to a wealthy family out of prisons in Spain. Of course, within the digital era we currently find ourselves entrenched, scams have evolved to take advantage of technological vulnerabilities, allowing those on the scamming end to become more sophisticated with every attack.
Thus, it has become increasingly difficult to spot scams, making email and web security a higher priority than ever. Case in point: Just recently, a DMS iTech customer was targeted by a phishing attack that was, fortunately, nipped in the bud as the initial link sent was immediately identified as being illegitimate. Though this is just one example of the extremes scammers are going to these days, we thought it prudent to keep you abreast of what’s going on out there.
Upon analysis of this particular attack by our engineers, the following describes how the attack manifests itself:
- A website link is presented, either via an email or on a website, and appears to be completely legitimate.
- When clicked, the link prompts the user to enter his or her Office 365 credentials (username and password) into a login screen that, too, looks legitimate but which actually belongs to the attacker/phisher.
- Upon entry of one’s credentials, his or her Office 365 account is immediately compromised.
The point we’d like to stress here is that these kinds of attacks are tricky to spot, and the attackers/phishers behind them are getting more inventive with regard to their craft. Making matters worse is the fact that if you’re in a hurry, it is even more difficult to tell the difference between a legitimate and illegitimate link at a glance.
To be sure, a safe link will look something like “https://login.microsoftonline.com/common/oauth2/authorize?client_id…” (noting that the legit URL is login.microsoftonline.com), while a malicious link will look more like “https://something_normal_sounding_.blob.core.windows.net/$web…” (noting that the illegitimate URL includes windows.net).
The URL of “windows.net” is not what Microsoft uses for Office 365 authentication – so if you see any logins of this sort, close the page immediately. If you are uncertain of a link’s authenticity, do not hesitate to contact DMS iTech to have it analyzed.
What DMS iTech Customers Should Know
Even if you’re using two factor authentication (2FA), you are still at risk. Scammers are starting to mimic the 2FA screens and while they don’t function like legitimate 2FA, they can be misleading and trick someone into thinking they are interfacing with a legitimate website.
A Complex and Evolving Challenge
Phishers are very good at creating scenarios that maximize the likelihood that people will respond – in other words, they tend to instill a sense of panic and urgency by pretending they’re some kind of authority figure within an organization to create an emotion of crisis. We have even seen instances when these cyber-criminals focus on the potential negative impact resulting from a failure to respond.
To this end, we encourage all our customers to ask for a second opinion when receiving a suspicious email or website link, as an approach such as this can ensure folks feel encouraged and empowered to report suspicions – a vital element in cyber-security maintenance.
DMS iTech: Keeping Unwanted Virtual Predators Away
As a trusted IT adviser for a plethora of clients, DMS iTech is committed to helping businesses succeed, and this includes defending them from ever-evolving scammers via phishing attacks. From automating, modernizing and smoothing out Office 365 experiences to powerful antivirus protection, backup services, server maintenance, infrastructure monitoring and much more, DMS iTech is changing the way companies keep unwanted virtual predators off their “front lawns.”
Get in contact with us today if you have been experiencing an unusual amount of spam, emails of a suspicious nature or any other abnormal activity, and take advantage of our email and web security expertise.