Don’t judge a phishing attack by its cover

April 26th, 2019
Don’t judge a phishing attack by its cover

Yesterday, Kevin Beaumont, a security architect from Liverpool, England, tweeted this:
kevin beaumont tweet

Microsoft Forms, one of Office 365’s newer products, allows users to create surveys, polls, and quizzes. The tool itself allows better collaboration, measurements, and feedback. Recently, however, a phishing attack was created through Forms.

As you can tell, the link takes you to what looks like a proper login screen. The colors and formatting are perfect. Imagine this: you’re having a busy day, and an urgent email pops up in your inbox. You hesitate for a split second but see that the URL of the page is safe – it starts with “forms.office.com.” So, of course, you click it. Now, you enter your information, and boom—your entire company’s data has just been compromised.

The way these phishing attacks work is that criminals nowadays know how to get past the Sender Policy Framework by using an internal site (Microsoft Forms). Because the sender’s domain name is safe, emails can easily get through to any employee’s inbox.

It doesn’t look like attackers are going to stop any time soon, so take action today to avoid putting your company at risk. We strongly encourage you to get a security assessment to identify all your vulnerabilities. Our Security Team Lead, Dave Carey, says, “Employ a Defense-in-Depth strategy. No one control stops everything!”

Share this article with your employees to raise awareness and look out for more blogs and news from us!

If you want to learn more, click here to sign up for our risk and security assessment.