Compromising an employee's email account can be a win for any hacker, but gaining access to a domain administrator's account is like getting the keys to the castle.
In an attempt to gain access to your Office 365 admin portal, phishers are now sending fake O365 alerts to IT professionals. These email alerts typically describe time-sensitive issues that demand immediate attention, such as a problem with the mail service or the discovery of an unauthorized user.
Office 365 Admin Phishing Emails
A recent example of an Office 365 admin alert claims that your company's licensing has expired. The email then tells the user to log in to the Office 365 Admin Center in order to check their payment information.
Another recent Office 365 phishing email targeting administrators sends an alert that someone has gained access to one of their users' email accounts. It then prompts the admin to "Investigate" the issue by logging in.
As expected, when the link in these emails is clicked the user is taken to a fake landing page asking them to enter their Microsoft login credentials. Hosting the page on Azure under a windows.net domain is meant to add legitimacy and disguise the attack.
To make it more convincing, these phishing landing pages appear to be hosted on Azure using a security certificate from Microsoft as shown below.
If the admin falls for this scam and enters their credentials on the page, the hacker could gain access to the Office 365 admin portal. The amount of damage that could be done with this level of access could be devastating.
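A link-triage check for the pattern described above, written as an added example rather than code from the original post: it pulls every link out of an HTML alert and flags those whose anchor text advertises an Office 365 or Microsoft sign-in but whose destination is not a genuine Microsoft login host, calling out Azure-hosted destinations (windows.net and azurewebsites.net) separately. The allow-list of login hosts and the sample alert are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of genuine Microsoft sign-in hosts; keep it current in production.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

# Suffixes of Azure hosting that any subscriber can publish to, so a page there
# carries a valid Microsoft-issued certificate without being a Microsoft page.
AZURE_HOSTING_SUFFIXES = (".windows.net", ".azurewebsites.net")

# Words in link text that sell the lure described in the post.
LURE_WORDS = re.compile(r"office\s*365|o365|microsoft|admin center|investigate", re.I)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(href):
    """'trusted' for a real Microsoft login host, 'azure-hosted' for customer-
    publishable Azure hosting, 'external' for anything else."""
    host = (urlparse(href).hostname or "").lower()
    if host in MICROSOFT_LOGIN_HOSTS:
        return "trusted"
    if host.endswith(AZURE_HOSTING_SUFFIXES):
        return "azure-hosted"
    return "external"


def triage_html(body):
    """Return (href, anchor text, verdict) for each lure-worded link that does
    not point at a genuine Microsoft login host."""
    parser = _LinkExtractor()
    parser.feed(body)
    return [(href, text, classify_link(href)) for href, text in parser.links
            if LURE_WORDS.search(text) and classify_link(href) != "trusted"]


# Constructed sample alert modelled on the "licensing has expired" lure.
SAMPLE_ALERT = """<p>Your Office 365 licensing has expired.</p>
<a href="https://contoso-o365admin.z13.web.core.windows.net/login">Office 365 Admin Center</a>
<a href="https://login.microsoftonline.com/">Microsoft sign-in</a>
<a href="https://example.invalid/unsubscribe">Unsubscribe</a>"""
```

Running `triage_html(SAMPLE_ALERT)` flags only the first link, with the verdict "azure-hosted"; the genuine sign-in link and the unsubscribe link pass.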
Nobody falls for these scams, right?
You may be saying to yourself that no IT admin would fall for these scams. And while we agree that most trained IT professionals know better, there are many situations where this phishing scam does in fact work.
Many network and email admins, especially in small businesses, were never properly trained to be IT admins and were possibly placed into these positions because the company had no dedicated IT resource. Likewise, another common scenario we've seen is that some organizations give administrative access to users who simply do not need it, which creates more opportunity for compromise.
So what can be done?
If you believe your Office 365 environment is missing key security components or could be better configured, contact us today to discuss our Office 365 management and support options. We have a team of Microsoft cloud experts and offer a few levels of support depending on your business needs.
Looking to make the most of your Office 365 investment? Check out our Modern Workplace Solutions page to learn about some of the tools that you may already have access to with your O365 software subscription.