Office 365 email phishing has increased significantly.
The senders of phishing emails may ask you to update your Office 365 credentials via a link that leads to a phishing website. The email may also be disguised as, for example, a courier service's notification of an arrived shipment, with the sender asking for your Office 365 credentials before giving you more information.
Fraudsters use hacked email accounts to send new phishing messages to all of the victim's contacts, and also to send fake invoices and commit other fraud. Incoming messages to hacked email addresses may be redirected to outside addresses, or moved to a certain folder, without the user noticing.
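The redirection described above is usually implemented as a mailbox forwarding setting or an inbox rule. As an added example that is not part of the original advisory or OP's own tooling, the following PowerShell check lets an Office 365 (Exchange Online) administrator list mailboxes whose mail is forwarded outside the organisation's own domains or silently moved or deleted by a rule. It assumes the ExchangeOnlineManagement module is installed and that the account used has permission to read mailboxes and inbox rules.

```powershell
# Added example, not from the original advisory: audit Exchange Online mailboxes for
# forwarding and inbox rules that send mail outside the organisation or hide it.
# Assumption: the ExchangeOnlineManagement module is installed and the signed-in
# account can read all mailboxes and their inbox rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Domains the organisation owns; any other domain counts as "outside".
$internalDomains = (Get-AcceptedDomain).DomainName

function Get-ExternalAddresses {
    param([string[]]$Recipients)
    # Recipients look like '"Name" [SMTP:user@example.com]', 'smtp:user@example.com'
    # or a bare address; extract the address and keep only external domains.
    foreach ($r in $Recipients) {
        if ($r -match '([\w.+-]+@[\w.-]+)') {
            $domain = $Matches[1].Split('@')[1]
            if ($internalDomains -notcontains $domain) { $Matches[1] }
        }
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Forwarding configured on the mailbox itself (often set by an attacker via OWA).
    if ($mbx.ForwardingSmtpAddress) {
        $ext = Get-ExternalAddresses -Recipients @($mbx.ForwardingSmtpAddress)
        if ($ext) {
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Type = 'MailboxForwarding';
                               Rule = ''; Target = ($ext -join ';') }
        }
    }
    # Inbox rules, including hidden ones that do not appear in the user's own rule list.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName -IncludeHidden) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        $ext = Get-ExternalAddresses -Recipients ($targets | Where-Object { $_ })
        if ($ext) {
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Type = 'RuleExternalForward';
                               Rule = $rule.Name; Target = ($ext -join ';') }
        } elseif ($rule.DeleteMessage -or $rule.MoveToFolder) {
            # Rules that delete or file mail away are how victims stop seeing replies.
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Type = 'RuleHidesMail';
                               Rule = $rule.Name; Target = "$($rule.MoveToFolder)" }
        }
    }
}

$findings | Sort-Object Mailbox, Type | Format-Table -AutoSize
Disconnect-ExchangeOnline -Confirm:$false
```

Rules that only move mail to a folder are common and legitimate, so review the RuleHidesMail entries by hand rather than treating every one as a compromise.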
How to recognise a fraud and protect yourself
- The National Cyber Security Centre Finland recommends using multi-factor authentication with all connection methods, even if this means that older devices are no longer compatible. The end user often cannot change the settings of an email account administered by a company – if this is your case, turn to your organisation's Office 365 system administrator.
- If you receive the same email twice, pay special attention to the content and attachments of the message.
- If a known sender's account number or any other detail changes suddenly, we recommend that you verify the situation by phone. Do not use the contact details given in the email; check them against a reliable source instead.
- Do not agree to anything over the phone if you are not sure with whom you are talking.
- Educate your employees about the organisation's billing practices and advise them to be very careful when making payments.
- Talk through situations involving CEO fraud and bogus invoices and prepare for them. It is also advisable to review the company's contractual partners internally so that employees know with whom they are doing business. Also agree on who in your company is the one who accepts new agreements and orders.
- If the recipient of a phishing email asks the sender for, for example, a more specific reason for the payment, such enquiries are usually left unanswered.
What to do if fraud or attempted fraud has occurred:
- If the fraudster succeeds in the attempt at a money transfer, immediately call the bank:
  - Payment services for large corporations, tel. 010 252 7700, Mon–Fri 8 am–4.30 pm, or
  - Corporate and Payment Services, tel. 0100 05151, Mon–Fri 8 am–10 pm
- Contact your payment services manager even if the fraud remains only an attempt!
- If fraudsters have registered a domain that violates your company’s trademark, report it to the Finnish Communications Regulatory Authority, cert(at)ficora.fi
- File a request for investigation with the local police.
- Forward the phishing email message you have received to tietoturvailmoitukset(a)op.fi
- Instructions of the Finnish Communications Regulatory Authority (June 2018) against Office 365 phishing (in Finnish)
- Instructions of the Finnish Communications Regulatory Authority on preventing the bypassing of multi-factor authentication (in Finnish)
- Warning from the Finnish Communications Regulatory Authority of increased Office 365 phishing (in Finnish)
- National Cyber Security Centre's alert 2019