Office 365 Accounts Compromised via ATO Attacks Used in BEC Scams

Office 365 Accounts Compromised via ATO Attacks Used in BEC Scams

Exploit: Account takeover attack
Microsoft: Multinational technology company based in Redmond, Washington

gear
Risk to Small Business: 2.111 = Severe: Hackers used many different maneuvers including brand impersonation, social engineering, and phishing scams to gain access to the email accounts of Office 365 users. Once inside, the cybercriminals implemented a variety of inbox rules to hide their behavior as they sent thousands of emails intended to facilitate spear phishing, BEC attacks, and malvertising campaigns.

gear
Individual Risk: 2.284 = Severe While hackers gained access to user email accounts, it appears that their primary purpose was to proliferate the scam by sending emails to unsuspecting recipients. However, users with compromised Office 365 accounts should immediately change their passwords while also being mindful of the potential for data misuse.

Customers Impacted: 4000

How it Could Affect Your Customers’ Business: Email account compromises are the center of many data breaches today, and it’s time that small businesses take notice. The good news is, securing employee and user accounts can be achieved by partnering up with the right cybersecurity training solution.

Risk Levels:

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


We just released another FREE eBook: 3 Types of Cyber Security Solutions Your Business Must Have!DOWNLOAD HERE
+ +