According to Abnormal Attack, hackers are now sending phishing emails to small businesses that expect financial relief due to the effects of COVID-19. They’re primarily targeting enterprises with Office 365 accounts.
Malicious actors target Office 365 accounts
The attackers are after SMBs that have applied for COVID-19 relief from the government. In the attack, the target receives an email sent from a Dropbox account, which is a legitimate domain. The message contains a link to a document on a Dropbox download page. However, clicking on download takes the potential victim to another page with an Office 365 image. But the user has to supply their Microsoft account credentials to access the document. Since the O365 page is fake, it’s just a means for the attacker to collect the victim’s user name and password. Nearly 5000 email accounts have received the phishing email. One of the reasons why the attackers may succeed is that they’re offering correspondence that the victim expects. Similarly, the malicious players are impersonating the government as well as using a legitimate launching platform, Dropbox. Legitimate tech companies are improving their productivity tools in different ways against the backdrop of the COVID-19 pandemic. For example, Microsoft is optimizing its workforce collaboration tool, Teams, to cater to the needs of its over 44 million daily users, including remote workers. However, not every actor in the tech industry is looking at COVID-19 from that perspective. So, companies and individuals need to not only stay vigilant, but also keep securing their enterprise and personal data. Have you ever used Dropbox or Office 365? Feel free to share your experience or ask any questions in the comments section below.
SPONSORED
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ
