Microsoft 365 is seeing a spike in users being caught out by a new type of email phishing attack. The attack begins with a user being sent a perfectly innocent looking email containing a link. Clicking the link allows hackers to gains access to their M365 account and data.
Previously, common email phishing scams tricked users into entering their login details (username and password) via a fake login screen. The scammers would then have logins but unable to access accounts without MFA (Multi Factor Authentication) in the form of a PIN Code being sent via email, SMS or Authentication App.
Until now, MFA (Multi Factor Authentication) has been robust in thwarting 99.9% of these types of threats. Unfortunately, hackers have evolved their skills and techniques to circumvent this security. This has led to a rise in M365 accounts getting hacked.
HOW CAN WE HELP?
Being cyber aware is obviously a key factor for keeping your business secure online. Being able to identify scams is an essential skill but not always possible.
One of the best ways to guard against this type of threat is to upgrade your M365 licences to Business Premium. This provides the following protection not included in M365 Business Standard
Country Blocking
We block account access to specific countries
Conditional Access
Only devices enrolled can access the data
Microsoft Defender for Office 365
A cloud-based email filtering service that helps protect your organization against advanced threats to email and collaboration tools, like phishing, business email compromise, and malware attacks.