Use Microsoft 365? Read this now

Sophisticated phishing campaign targets Microsoft users
Mark Hoffmann

By Mark Hoffmann, KENOSHA.COM

A leader in the IT industry for nearly three decades, Hoffmann has helped small and large businesses take advantage of technology to better serve their customers and employees. Hoffmann is owner of CMIT Solutions of SE Wisconsin.

So, just what is phishing?

Recently, one of my business customers asked me about phishing. He had read a recent alert from Microsoft about this sophisticated form of cyber-crime.

Microsoft’s alert read, “An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.” The tech giant quickly moved to stifle the phishing attempt targeting its estimated 50 million+ users of Microsoft 365.

Which leads to the question … what does that mean?!?

Simply put, phishing on the web is very similar to fishing on the lake. The cybercriminals cast their line into the internet waters by sending out email that looks like it comes from a business or someone we know and trust. I had another customer who recently had their email hacked, and the cybercriminal used their email account to send hundreds of messages out to others from inside their account.

When a person clicks on a link in a phishing email, it’s like a fish striking the lure. The criminal’s got a hit, but they haven’t hooked you. Usually, that link takes you to a very convincing web page that looks like a password reset, or a login screen. The whole goal at this point is to set that hook by getting you to enter your login credentials.

Once you’ve entered your credentials, they will politely thank you for completing the requested transaction and hope you’ll forget about it. This is when they have you in the boat or on the shore, except you may not know it.

The goal of these phishing attempts is usually not to harm your computer by planting a virus, although they may try to install spyware, such as keylogging or camera-capturing software, to steal even more information. The real goal is to get your identity so they can sell that information on the dark web. Login credentials can sell for a few dollars each, and when the cybercriminals sell bulk lists of IDs and passwords, it adds up to some big bucks!

Cybercriminals bank on our human nature to be lazy. It is sad to say, but most of us use the same password or a small set of passwords over and over again. Maybe we get a little clever and change a number or something in the password when we’re forced to, but for the most part, we keep our passwords the same. Once a cybercriminal has your identity for one web site, they will quickly try to log in to other common sites. The more sites they can successfully log in to with your credentials, the more valuable that information is on the dark web.

The folks stealing your ID and password are just the tip of the iceberg. This is a highly organized and sophisticated crime. Once someone has bought your valid login information, they can leverage that to steal more information, commit identity theft and fraud, and use your ID to convince friends, family, and business associates to give up their information.

Help protect yourself

Invest in good anti-virus and anti-malware software. Many products have browser add-ins that will alert you if you are visiting a suspicious site. If you have a small business, or you want to up your personal protection game a bit, investing in other tools such as DNS blockers will also give you a higher level of protection.

Be suspicious of any email. Unless you have had communication with someone already and are expecting an email, make the assumption that any link could be an attempt to steal your information.

Another trick is to look at the actual link destination, not just the text you click on. On a PC you can hold your mouse over a link without clicking it and the browser will show you where the link will take you. Usually, you see this information at the bottom of the browser window. If the link at the bottom of the screen doesn’t match the text in the email, don’t click it.

Criminals are very crafty, so be very careful with this. WWW.CMITSOLUTIONS.COM/SE-WISCONSIN is not the same as WWW.CMITS0LUTI0NS.COM/SE-WISCONSIN although they look remarkably similar. Likewise, the text link you see may say WWW.CMITSOLUTIONS.COM/SE-WISCONSIN but when you hover your mouse, you may see a very different destination like https://www.abc.com/e/660363/2021-08-16/77n3ny/951875288?h=tKR0sTN8ok9zIBM3LJ8cXT6kYsBV79EjIRsuHYqJxKM. If it doesn’t match, definitely don’t click the link.
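The hover check and the 0-for-O lookalike described above can be automated for an HTML message body. The Python below is an added example, not part of the original column; the TRUSTED set, the function names and the sample message (including the shortened abc.com path) are assumptions constructed from the article's example addresses.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"www.cmitsolutions.com"}      # assumption: hosts the reader really uses
LOOKALIKES = str.maketrans("01", "ol")   # digit-for-letter swaps; not exhaustive

def host_of(text):
    """Hostname of a URL or URL-like string; None for wording like 'Click here'."""
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    return host if host and "." in host and " " not in text else None

class AnchorCollector(HTMLParser):       # gathers (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def audit(html):
    """Return [(href, [reasons])] for links that fail the hover check."""
    collector = AnchorCollector()
    collector.feed(html)
    flagged = []
    for text, href in collector.links:
        shown, real, reasons = host_of(text), host_of(href), []
        if shown and real and shown != real:
            reasons.append("text-mismatch")   # visible address differs from target
        if real and real not in TRUSTED and real.translate(LOOKALIKES) in TRUSTED:
            reasons.append("lookalike")       # digits standing in for letters
        if reasons:
            flagged.append((href, reasons))
    return flagged

# Constructed sample message body built from the article's example addresses.
SAMPLE = """<a href="https://www.cmitsolutions.com/se-wisconsin">WWW.CMITSOLUTIONS.COM/SE-WISCONSIN</a>
<a href="https://www.cmits0luti0ns.com/se-wisconsin">WWW.CMITS0LUTI0NS.COM/SE-WISCONSIN</a>
<a href="https://www.abc.com/e/example">WWW.CMITSOLUTIONS.COM/SE-WISCONSIN</a>"""
```

Calling audit(SAMPLE) flags the second and third links only. A link whose visible text is plain wording rather than an address passes the text check, so the trusted-host comparison is the only signal for it.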

Lastly, don’t click the link at all. If you receive an email from a business you shop with, like Amazon or Walmart, don’t click links in the email. Instead, open a new browser and log into your account. Most companies have an area where they post messages about important things you need to know or act on. Use the company’s message system as a way to avoid clicking on email links.

Contact CMIT Solutions for more information on cyber security.
