Latest Phishing Scam Spoofs Mandatory Office365 Two-Factor Authentication

How To Prepare Your Employees For Remote Work
February 12, 2019
https://images.techhive.com/images/article/2017/01/alert-hacking-threat-detected-100704702-large.jpg
You’ve Been Hacked. Now What?
February 20, 2019

Latest Phishing Scam Spoofs Mandatory Office365 Two-Factor Authentication

You’ve likely heard that using Two Factor Authentication (TFA) is the best way to secure your data and accounts online. The process involves authenticating your identity through a second offline channel, either via text message or authentication app. And with 90 per cent of IT departments implementing two-factor authentication for access to cloud applications including Office 365, it’s almost inevitable in your organization.

But what do you do when cybercriminals try to use this to their advantage?

The latest cyber scheme involves spoofing an email seemingly from Microsoft’s TFA program. The email announces a mandatory enrollment in TFA for the user, and asks them to follow the link to provide their credentials. Once completed, the user has then provided their company login information to the scammer, essentially opening up your business for attack.

It may seem difficult, but there are ways to identify such emails and protect yourself.

  1.  Understand the policiesDespite the strong suggestions, Microsoft has not made TFA mandatory for users. It has provided the option to businesses, but leaves the final decision for implementation up to the IT and management teams. If you’re not sure if you have to enroll, check with your IT department.
  2. Check the domain.Taking a look at the domain in the image above, it appears to come from “@twofactorauthentication.onmicrosoft.com”. Though it may seem legitimate, Microsoft will only ever send emails from a “@Microsoft.com” domain – no matter the product.
  3. Review the email contentIt may seem insignificant, but Microsoft will always use proper branding and formatting on their product names. If you read through the email, you can notice that “office365” is lowercase and doesn’t include spaces, which is another indication that this email is fake – since the correct formatting is “Office 365”.

 

As always, if you’re not sure if something is legitimate or not, reach out to your IT department for confirmation. They’ll be able to clarify for you.

 

Comments are closed.