Office 365 Accounts Compromised via ATO Attacks Used in BEC Scams
Exploit: Account takeover attack
Microsoft: Multinational technology company based in Redmond, Washington
Risk to Small Business: 2.111 = Severe: Hackers used many different maneuvers including brand impersonation, social engineering, and phishing scams to gain access to the email accounts of Office 365 users. Once inside, the cybercriminals implemented a variety of inbox rules to hide their behavior as they sent thousands of emails intended to facilitate spear phishing, BEC attacks, and malvertising campaigns.
Individual Risk: 2.284 = Severe: While hackers gained access to user email accounts, it appears that their primary purpose was to proliferate the scam by sending emails to unsuspecting recipients. However, users with compromised Office 365 accounts should immediately change their passwords while also being mindful of the potential for data misuse.
Customers Impacted: 4000
How it Could Affect Your Customers’ Business: Email account compromises are at the center of many data breaches today, and it’s time that small businesses took notice. The good news is that employee and user accounts can be secured by partnering with the right cybersecurity training solution.
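The inbox rules mentioned above leave audit entries that defenders can review. The following is an added example, not code from the original report or from Microsoft: a small detector that flags rule changes which delete mail, mark it read, or file it in rarely viewed folders, and (going slightly beyond the text) rules that forward outside the user's domain. The record layout is a simplified assumption modelled on Exchange audit entries, and the sample log and folder list are constructed.

```python
import json

RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
HIDING_FOLDERS = {"rss feeds", "conversation history", "junk email", "deleted items"}
FORWARD_PARAMS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")

# Constructed, simplified audit records (one JSON object per line);
# not data from the incident described on this page.
SAMPLE_LOG = """\
{"UserId":"alice@example.com","Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"."},{"Name":"SubjectOrBodyContainsWords","Value":"phish;hacked"},{"Name":"DeleteMessage","Value":"True"}]}
{"UserId":"bob@example.com","Operation":"Set-InboxRule","Parameters":[{"Name":"Name","Value":"sync"},{"Name":"MoveToFolder","Value":"RSS Feeds"},{"Name":"MarkAsRead","Value":"True"}]}
{"UserId":"carol@example.com","Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"Newsletters"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
{"UserId":"dave@example.com","Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"copy"},{"Name":"ForwardTo","Value":"dave.backup@example.net"}]}
"""

def rule_findings(record):
    """Return the reasons an audit record looks like a rule that conceals mailbox activity."""
    if record.get("Operation") not in RULE_OPS:
        return []
    params = {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}
    is_true = lambda name: params.get(name, "").lower() == "true"
    reasons = []
    if is_true("DeleteMessage"):
        reasons.append("deletes matching mail")
    folder = params.get("MoveToFolder", "")
    if folder.lower() in HIDING_FOLDERS:
        reasons.append(f"moves mail to rarely viewed folder '{folder}'")
    if is_true("MarkAsRead") and folder:
        reasons.append("marks moved mail as read, so no unread count appears")
    own_domain = record.get("UserId", "").rpartition("@")[2].lower()
    for name in FORWARD_PARAMS:
        for addr in filter(None, params.get(name, "").split(";")):
            if addr.rpartition("@")[2].lower() != own_domain:
                reasons.append(f"{name} sends copies outside {own_domain}: {addr}")
    return reasons

def scan(log_text):
    """Return (user, rule name, reasons) for every flagged rule in a JSON-lines log."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        reasons = rule_findings(rec)
        if reasons:
            name = next((p["Value"] for p in rec["Parameters"] if p["Name"] == "Name"), "")
            hits.append((rec["UserId"], name, reasons))
    return hits

if __name__ == "__main__":
    for user, rule, reasons in scan(SAMPLE_LOG):
        print(f"{user} rule={rule!r}: " + "; ".join(reasons))
```

A flagged rule is a lead for review rather than proof of compromise; users also create delete and forward rules legitimately.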