Our technology team has noticed a recent increase in phishing attacks that are targeted toward Microsoft/Office 365 accounts.
Phishing can take different forms, but it involves an attacker attempting to trick you into giving up your password. The recent attacks have included personalized, well-crafted email messages inviting you to a click a link to retrieve something (a file, a voicemail message, an article, etc.). Once the link has been clicked, you’re brought to a legitimate-looking sign-in page where you enter your username & password. Unfortunately, this is where the scam occurs.
The emails are very convincing and can be alarming for the recipient to receive. These scammers are calculating and deliberate. To ensure that this doesn’t happen to you, here is our phishing scam checklist:
- Check the address bar in your browser. Anytime you’re being asked to enter your password into a webpage, assume the possibility of a scam. Check your browser to make sure you’re using the website you think you are!
- Use 2-factor authentication. 2-factor authentication makes it much more difficult for an attacker to access your account, because a secondary code from your mobile device is required in order to log in.
- When in doubt, ask! Your IT team is always happy to check out an email or link if you’re unsure of its legitimacy. It’s far easier for IT to investigate before than after, so always ask!
Mimecast, and other systems, block a vast majority of the fraudulent emails that come through but there is no system in the world that can provide perfect protection. Attackers are always studying security systems and finding innovative new ways to get around them. Inevitably, some spam and phishing messages will find their way through, so it’s important that we are aware and remain vigilant.
If you have any questions on phishing scams or other technology matters, please contact us at 781-235-1490.