Have you noticed that the most recent reports of email scams seem to involve more personal, targeted attacks? Do you feel that scammers know you? That’s because they do know you. If you don’t believe us, just google it yourself and you will see reports of Office365 vulnerabilities, hacks and exposures. Just type “office365 security vulnerabilities” and skip the paid ads section.
Do you use Office365? If the answer is yes, Digital Edge would like to make you aware of an emerging way of being hacked and then kept under surveillance through your email. It is an email attack in Office365 that involves setting up an invisible “forwarding path” rule: the hacker makes sure all your emails are directed to them as well. This can lead to:
- The attacker being able to see all your personal/business emails and conversations, where he/she can get vital information on you or your business and use it later in scams to trick you into sending money to the wrong bank account, or to a company that looks similar to your vendor or partner.
- The attacker being able to pull money out of you, just stealing your personal information, passwords, accounts, etc.
- When the hacker sets this up, the user is completely unaware that the “forwarding path” rule has been established.
- After gaining enough information, they will try to pose as someone they are not and trick you into giving them vital information.
The majority of people use Office365 without the thought of being hacked ever crossing their minds. Because of this, it is very easy to fall victim to these attackers. There have been very serious, very extreme cases of people and companies losing thousands of dollars to them.
One of our clients noticed a possible exposure to the O365 weakness and engaged us. This was their statement afterward:
“Digital Edge has provided exemplary technical solutions and monitoring that have provided us with an effective means of tracking attacks which utilize the recent Office 365 EWS vulnerability.” - Joseph Gruna, SVP of Information Technology
Just this week, another one of our clients experienced this same issue. (We will not mention names, to keep client confidentiality as requested.) The client received an email from a past employee asking for an invoice. Without checking, he clicked on the link. He later confirmed with the past employee that the email was spam, but whoever sent the email had already gotten all the information they needed. Later our client received a call to confirm a wire transaction of around $38,000 to a bank account in Texas. When our client tried to find the email again, it was missing. Our client came to us asking for help, and we found out that the emails relating to this scam were marked to be deleted upon arrival.
Although this issue is now resolved, our client has had dozens of people coming to him, claiming they received the same email from him. Digital Edge has seen similar and even worse-case scenarios. We are trying to make sure everyone is well aware, informed and protected against this rising issue.
These types of attacks happen every day, and awareness is the first step in being protected. Other solutions can be costly, but we at Digital Edge value our clients’ safety and recognize its importance. If you have already experienced such an attack, we can help patch up the vulnerability and ensure future safety! You can contact us directly through our website, but we encourage you to register with us for constant security updates and protection.
Solution: Digital Edge has created a way to monitor and identify hacks against Office365 and provide the Information Technology Security community with monitoring scripts and techniques to identify Office365 intrusions, email spying and hidden rules and hooks. We have created 2 types of scripts to help you:
- Script 1: After establishing a remote session with Office 365, the script filters for any emails where a hidden “forwarding path” rule is identified. It compiles all the ones that have this set up and alerts the user. The user can then determine for themselves whether each one is legitimate or not.
- Script 2: This script will compile a report in CSV format (which opens in Microsoft Excel). It functions similarly to Script 1 (it filters through the emails for ones that have a “forwarding path”), except that it will analyze the rule and compose a fully detailed report that can be reviewed later.
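As an added example (this is not Digital Edge's own script), here is one way to perform the check that Script 1 and Script 2 describe, using the ExchangeOnlineManagement PowerShell module. It assumes an administrator account that can read every mailbox and its inbox rules, and the report file name is hypothetical; it also flags rules that delete messages on arrival, as in the incident described above.

```powershell
# Added example, not Digital Edge's script. Assumes the ExchangeOnlineManagement
# module is installed and the signed-in account may read mailboxes and inbox rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$reportPath = '.\o365-forwarding-report.csv'   # hypothetical output file name

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {

    # Forwarding configured on the mailbox itself, outside of any inbox rule.
    $mbxTargets = @(@($mbx.ForwardingSmtpAddress, $mbx.ForwardingAddress) | Where-Object { $_ })
    if ($mbxTargets.Count -gt 0) {
        [pscustomobject]@{
            Mailbox          = $mbx.PrimarySmtpAddress
            Source           = 'MailboxForwarding'
            RuleName         = ''
            Enabled          = $true
            ForwardTargets   = $mbxTargets -join '; '
            DeletesOnArrival = $false
            Description      = "DeliverToMailboxAndForward=$($mbx.DeliverToMailboxAndForward)"
        }
    }

    # Inbox rules, including rules that are hidden from the Outlook rules list.
    $rules = Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress -IncludeHidden -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $targets = @(@($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ })
        if ($targets.Count -gt 0 -or $rule.DeleteMessage) {
            [pscustomobject]@{
                Mailbox          = $mbx.PrimarySmtpAddress
                Source           = 'InboxRule'
                RuleName         = $rule.Name
                Enabled          = $rule.Enabled
                ForwardTargets   = $targets -join '; '
                DeletesOnArrival = [bool]$rule.DeleteMessage
                Description      = $rule.Description
            }
        }
    }
}

# Alert on screen (the Script 1 behaviour), then write the detailed CSV (Script 2).
$findings | Format-Table Mailbox, Source, RuleName, ForwardTargets, DeletesOnArrival -AutoSize
$findings | Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8

Disconnect-ExchangeOnline -Confirm:$false
```

Each row still needs a human decision: a forward to an address outside your own domains, or a delete-on-arrival rule the mailbox owner does not recognise, is the case to investigate first.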
Also, here are a couple of the most common types of attacks that you can also look out for in your email:
- Open an attachment that contains a virus. This attachment could be an MS Office document, executable, script, Adobe file or any other one that would “carry” a malicious script.
- Click on a link that would bring you to a website that would infect your computer through a vulnerability in your web browser. Basically, any JavaScript on the site would make the browser do things that it is not supposed to do, such as downloading and installing malicious code.
- Click on a link that would look like a legitimate web page and convince you to log in. For example, the email would look exactly like an AOL email and suggest that the user must change the password. The link in the email would look like aol.com. When clicked, it would redirect you to ao1.com, but the page would look exactly like AOL. When the user logs in, the hackers would grab the password and redirect the user to the legitimate AOL web site. The user thinks that he or she mistyped the password, logs in again and would not even consider that he or she just left his or her credentials with the malicious web site ao1.com (notice 1 instead of L).
Digital Edge understands that keeping your emails private and visible only to their intended recipients is very important, as emails can cover very sensitive topics. Knowing ways to prevent attacks, as well as how to identify when there is a potential threat, is crucial. If you need more technology information, Digital Edge has methodologies and tools that we give to the community for free. Also, if you need technical assistance in securing your Office365, Digital Edge is here to help! Be alert, be safe!