Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Phishers Target Office 365 Admins with Phony Admin Alerts

July 24, 2019

On July 21, Bleeping Computer posted the obvious truth: compromising an employee's email account can be profitable for BEC scammers and for distributing malware, but gaining access to an email domain's administrator account is a jackpot.

Phishing aimed at admins is becoming more popular because of the greater range of attacks that can be conducted through an admin account. With admin credentials, attackers can potentially create new accounts under an organization's domain, send mail as other users, and read other users' email.

To gain access to an administrator's account, phishers have started creating campaigns disguised as Office 365 admin alerts. These alerts are typically about time-sensitive issues that require an admin's immediate attention, such as a problem with the mail service or the discovery of unauthorized access.

An example of a fake alert found by Bleeping Computer is one that says an organization's Office 365 licenses have expired. The email then tells the user to log in to the Office 365 Admin Center to check their payment information.

As expected, when you click on the links in these emails, you are taken to a phishing landing page (a very good likeness of the real thing) that prompts you to enter your Microsoft login credentials.

If an admin falls for this scam and enters their credentials on the page, the credentials will be stolen by the attackers. Unless that account has some sort of 2-factor authentication enabled on it, the attacker would be able to gain access to the Office 365 admin portal.

Veteran network and mail admins probably won't be fooled.

Unfortunately, many network and mail admins are not properly trained to be IT admins and were simply thrust into the position because the company couldn't afford a dedicated IT admin. This happens a lot in small law firms and other entities. Make sure, if you have such IT admins, that they are aware of these kinds of attacks!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson