You’ve likely heard that using Two Factor Authentication (TFA) is the best way to secure your data and accounts online. The process involves authenticating your identity through a second offline channel, either via text message or authentication app. And with 90 per cent of IT departments implementing two-factor authentication for access to cloud applications including Office 365, it’s almost inevitable in your organization.
But what do you do when cybercriminals try to use this to their advantage?
The latest cyber scheme involves spoofing an email seemingly from Microsoft’s TFA program. The email announces a mandatory enrollment in TFA for the user, and asks them to follow the link to provide their credentials. Once completed, the user has then provided their company login information to the scammer, essentially opening up your business for attack.
It may seem difficult, but there are ways to identify such emails and protect yourself.
- Understand the policiesDespite the strong suggestions, Microsoft has not made TFA mandatory for users. It has provided the option to businesses, but leaves the final decision for implementation up to the IT and management teams. If you’re not sure if you have to enroll, check with your IT department.
- Check the domain.Taking a look at the domain in the image above, it appears to come from “@twofactorauthentication.onmicrosoft.com”. Though it may seem legitimate, Microsoft will only ever send emails from a “@Microsoft.com” domain – no matter the product.
- Review the email contentIt may seem insignificant, but Microsoft will always use proper branding and formatting on their product names. If you read through the email, you can notice that “office365” is lowercase and doesn’t include spaces, which is another indication that this email is fake – since the correct formatting is “Office 365”.
As always, if you’re not sure if something is legitimate or not, reach out to your IT department for confirmation. They’ll be able to clarify for you.