Your IT Consultant

Office 365 Admins Beware – Fake Admin Alerts Coming Your Way

July 23, 2019

We recently migrated over to Office 365 and retired our on-premise Exchange server. So far, so good. The last pain-in-the-ass hurdle is trying to work with Litera to get the Metadact-e service running again with the new environment. It's not pretty, but that's the subject of another blog post or an updated section in the next version of the our Solo and Small Firm Legal Technology Guide. Even so, I'm liking Office 365, but still getting used to the different ways to secure and configure the service. One thing I like is the notifications Microsoft sends to the administrators about changes in configurations. The notifications could be for changes in administrative privileges, access to other's data or any number of security events. Apparently, the bad guys know about notifications too.

Bleeping Computer reports that there is current activity of phishing emails targeted at Office 365 admins with fake alerts. In other words they send the administrator a fake alert about a payment problem or a low-level security alert. The intent is to get the admin to click on the button or link in the message that sends them to a Microsoft login page. To add legitimacy to the login, they use Azure to host the fake login page. Trust me, it looks like the real Microsoft login page…I've seen it. If you enter your login credentials you are pwnd and getting administrator's credentials is gold.

The message to Office 365 admins is NOT to click on any link or button in an alert message. Logon to the Security and Compliance Center at https://protection.office.com and navigate to the alerts section.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com